2017-03-01 00:09:54 please help me to review https://github.com/alpinelinux/aports/pull/940
2017-03-01 00:24:58 any ideas how easily i could port a driver over that's missing on alpine
2017-03-01 00:24:59 http://ldriver.qlogic.com/driver-srpms/nx_nic/hpqlgc-nx_nic-4.0.596.1-2.rhel7u2.src.rpm
2017-03-01 00:25:26 basically, the stock driver is unstable, and what's worse, you can't update the firmware using it
2017-03-01 00:36:23 seems this is also good http://ldriver.qlogic.com/firmware/netxen_nic/new/0001-netxen_nic-Update-QLogic-phanfw.bin-to-version-4.0.5.patch
2017-03-01 00:36:57 but the rhel driver appears a lot newer, idk
2017-03-01 01:08:18 hi I notice alpine-linux doesnt support glusterfs, can anyone tell me if there is any supported cluster file systems
2017-03-01 01:09:57 lizardfs
2017-03-01 01:10:13 thanks darkfader, never heard of that one
2017-03-01 01:10:15 if you got probs making it work, ask me on the weekend
2017-03-01 01:10:28 ok thanks darkfader
2017-03-01 07:19:07 <__errm> is there a way to set priorities on repositories in /etc/apk/repositories
2017-03-01 07:19:26 <__errm> a bit like you would do with gentoo overlays ...
2017-03-01 10:27:31 _ikke_: I'm a UTC kinda guy. If anyone from the Alpine team wants to consider it, I'll be around all day.
2017-03-01 10:36:48 Kruge_: i've paypal'ed money to various devs if they worked on something i had needed
2017-03-01 10:37:04 but there's no premade bounty mechanism or so
2017-03-01 10:38:18 iirc at least fabled also has a job that allows to do paid dev, but that is a memory from like 2011/2012 so YMMV
2017-03-01 10:46:12 Kruge_: A MinGW cross-compiler package for Alpine?
2017-03-01 10:46:34 My priority would probably be a "setup-wine" script for setting up a 32-bit Alpine container with Wine, honestly...
2017-03-01 10:47:11 Something I want to look into. Chrooting into Debian for Wine is annoying and multilib isn't planned
2017-03-01 10:49:17 doesn't the 64bit wine also run 32bit executables?
2017-03-01 10:49:29 no
2017-03-01 10:50:06 so no WINEoWINE support yet :3
2017-03-01 10:50:36 asie: for mingw env you could try https://github.com/mxe/mxe which is supposedly platform agnostic
2017-03-01 10:51:03 (i use it on ubuntu)
2017-03-01 10:52:51 asie: I don't mind how it is achieved, but some ability to cross-compile so I can get those openvas-smb and wmi libraries is what i'm after
2017-03-01 10:54:30 Kruge_: i suggested mxe a while back, did you try it?
2017-03-01 10:54:42 Not yet, just finishing my coffee
2017-03-01 10:54:50 it was like few weeks ago...
2017-03-01 10:55:07 Ah, sorry
2017-03-01 10:55:29 The other problem is my lack of ability when it comes to packaging / porting software
2017-03-01 10:56:21 your lack of ability will not magically disappear even if alpine had such mingw package...
2017-03-01 10:57:19 i.e. you should start experimenting to get that ability
2017-03-01 10:57:47 Indeed, but there are limits to my time and mental bandwidth
2017-03-01 10:57:51 Anyhow, pulling mxe now
2017-03-01 11:00:01 cross (or native) building is likely to challenge you occasionally... just start and see how far you get, and then try to get help on specific things you get stuck on.
2017-03-01 11:21:14 well, it leaves the simple option that we could have bounties
2017-03-01 11:21:40 tbh the project is big enough that as community we could pile up some money and have a few part-time devs
2017-03-01 12:56:19 <__errm> is there any way to have apk look at a directory of repository files?
2017-03-01 12:56:41 <__errm> i.e. /etc/apk/repositories.d/
2017-03-01 14:11:44 part ##namespace
2017-03-01 14:11:50 don't as
2017-03-01 14:11:50 k
2017-03-01 14:58:03 __errm, that works
2017-03-01 14:58:29 it loads etc/repositories.d/*.list
2017-03-01 14:59:18 <__errm> ok great thank fabled :)
2017-03-01 20:40:14 interesting, I didn't know about that either
2017-03-02 00:06:52 Hello, I have an easily reproduced crash in ncurses when TERM=linux, optimization is >= 1, and wide chars are enabled. I suspect it's an upstream bug but so far only seen in Alpine
2017-03-02 00:13:06 Oh, it appears to be fixed somewhere between 6.0 and the latest patch release.
2017-03-02 00:16:15 test case is simply initscr(); addch(ACS_VLINE); getch(); endwin();
2017-03-02 03:59:06 src/MediaInfo_CLI_GNU_FromSource/MediaInfo/Project/GNU/CLI/configure: line 15197: libmediainfo-config: command not found
2017-03-02 03:59:10 How come?
2017-03-02 03:59:48 Is Corey Oliver here?
2017-03-02 04:52:50 pickfire: don't post email addresses publicly.
2017-03-02 04:53:05 avih: Oh, okay. Sorry.
2017-03-02 04:54:19 (even if they're easy to find elsewhere e.g. via git commits etc)
2017-03-02 08:20:13 morning
2017-03-02 09:18:26 Morning
2017-03-02 09:20:38 night
2017-03-02 11:53:10 Hello everyone
2017-03-02 16:04:26 Hi, what is the easiest way to increase console/tty resolution (preferably without having to add drivers)? Using the vanilla kernel version of 32bit alpine under virtualbox, booting with extlinux.
2017-03-02 16:04:48 Huh? You can do that?
2017-03-02 16:04:59 jalt: Maybe try nomodeset?
2017-03-02 16:07:05 pickfire, removing nomodeset from the boot options had no visible effect. should i also append vga=795 or that a vesa only thing?
2017-03-02 16:08:15 Huh, I am not sure then. I know not using nomodeset will increase the size.
2017-03-02 16:09:40 tried with vga=795 and it was unrecognized. the list it provides is only for pure vga and the options F01 to F07 are still limited to 80 chars...
2017-03-02 16:11:10 i will try https://wiki.alpinelinux.org/wiki/Uvesafb now
2017-03-02 16:16:29 success!
2017-03-02 16:44:05 parazyd: any plans to provide also an alpine based version of heads?
2017-03-02 17:58:05 yGweSm1OzVHe: hardly for now
2017-03-02 17:58:17 but feel free to experiment
2017-03-02 17:58:27 i believe the build system is easy to understand and port
2017-03-02 17:58:53 should be far simpler than devuan actually
2017-03-02 17:59:57 i did have in mind to implement alpine support in my arm-sdk though, so if i start upstreaming that code... maybe something nice happens :)
2017-03-02 18:01:02 i can't take devuan seriously
2017-03-02 18:01:05 https://devuan.org/os/init-freedom/
2017-03-02 18:01:07 like, for real?
2017-03-02 18:01:42 meh
2017-03-02 18:01:56 yeah for now devuan jessie is the same as debian jessie (without systemd)
2017-03-02 18:02:15 afterwards we start the real work, and killing debian's dumb choices
2017-03-02 18:04:09 kaniini: what do you find bad with that text?
2017-03-02 18:05:07 forking debian (a distribution that needs modernization) just to keep it in the stoneage seems a bad idea
2017-03-02 18:05:31 i thought the issue was political?
2017-03-02 18:05:38 that's what i mentioned
2017-03-02 18:05:39 or... sentimental
2017-03-02 18:05:50 with ascii (release after jessie) we start the real work
2017-03-02 18:05:53 yes, systemd is bad, but the manifesto devuan uses to justify the fork demonstrates bad thinking
2017-03-02 18:06:01 will devuan also say things like
2017-03-02 18:06:11 "apt sucks! we're switching back to dselect!"
2017-03-02 18:06:24 openrc as a base, more recent packages, etc.
2017-03-02 18:06:44 keyboards suck! we're switching back to punch-hole cards
2017-03-02 18:06:52 exactly eric
2017-03-02 18:07:04 it just screams "old man yells at cloud" to me
2017-03-02 18:07:07 "we're going back to 3.11 for workgroups!"
2017-03-02 18:07:09 debian sucks in general imho, but it's pretty much a standard besides redhat
2017-03-02 18:07:19 out of all of those, shepherd is probably the most interesting
2017-03-02 18:07:28 i expect they had a reason to fork it
2017-03-02 18:07:42 ericnoan: it was because of systemd
2017-03-02 18:07:43 yes, to get rid of systemd
2017-03-02 18:07:51 ah right
2017-03-02 18:07:56 systemd is hardly the real problem debian has
2017-03-02 18:08:06 it is one of them
2017-03-02 18:08:23 it is a problem debian has, but it is hardly the most severe
2017-03-02 18:08:42 it's actually worse because they neutered systemd of a lot of its useful features
2017-03-02 18:09:06 keeping etc/init.d with systemd was a ridiculous move
2017-03-02 18:09:08 i just set up a temp VM for some testing, and carelessly selected the debian image, i was very confused until i looked at the packages version numbers
2017-03-02 18:09:17 parazyd: even centos still has init.d
2017-03-02 18:09:24 i was quick to switch image heh
2017-03-02 18:09:27 that's just wrong
2017-03-02 18:09:33 compatibility issue, mostly
2017-03-02 18:09:44 and a shitty practice
2017-03-02 18:09:53 i mean, i will definitely not disagree that the way debian did the systemd migration was completely screwed
2017-03-02 18:10:03 but it is systemic of a larger problem
2017-03-02 18:10:54 the main reason why the systemd migration was botched was NMUs in my opinion
2017-03-02 18:10:54 namely, the large problem; the size of both the package database and the userbase
2017-03-02 18:11:12 http://imgur.com/grlsdV2 <-- my fedora server has these initscripts in it
2017-03-02 18:11:25 it's difficult to move fast and modernize when so many people depend on your product to stay the same
2017-03-02 18:11:26 (figures identd wouldn't have a systemd unit)
2017-03-02 18:11:28 if you have to wait X days for a patch to be idle before engaging in an NMU... it slows down the migration process
2017-03-02 18:12:06 didn't debian nix out per-user services in systemd or some crazy shit like that?
2017-03-02 18:12:57 tech-ctte failure to scale is another issue
2017-03-02 18:13:11 alpine policy learns from those mistakes and does not repeat them ;)
2017-03-02 18:17:23 there's one problem i don't think any of us can get around
2017-03-02 18:17:35 computers can scale human error from one time per second to billions
2017-03-02 18:18:24 I fully support the ancient model where reading and interpreting scripture is reserved for the priest class only!...
2017-03-02 18:18:42 pfft
2017-03-02 18:18:51 bard class > priest class
2017-03-02 18:19:06 (no not really, but sometimes I wish people would have more understanding of the tech they use)
2017-03-02 18:19:38 anyway, time for me to use public transport tech to get back to home base
2017-03-02 18:19:48 public you say, sounds fancy
2017-03-02 18:20:07 well, exotic it is, at least :D
2017-03-02 18:20:26 oh, i'm sorry
2017-03-02 18:20:49 does s6 have the idea of per-user services?
2017-03-02 18:21:13 sure
2017-03-02 18:21:17 just fire up an s6
2017-03-02 18:21:22 on any dir you want
2017-03-02 18:21:24 and done
2017-03-02 18:22:09 https://devuan.org/ui/img/if.png
2017-03-02 18:22:23 i am sorry but this just looks like a logo someone who had too much lennart-ware in their life would make
2017-03-02 18:22:35 you should just say what you mean
2017-03-02 18:22:42 "watch out for crappy software by lennartp"
2017-03-02 20:03:07 i don't want init freedom, i want freedom from freedesktop, wayland, dbus, logind, upowerd, etc. also
2017-03-02 20:03:34 systemd truly is the smallest evil in this compilation :(
2017-03-02 20:03:48 oh
2017-03-02 20:03:54 and don't forget pulse fucking audio
2017-03-02 20:04:19 alsa was bad enough after a perfectly fine oss
2017-03-02 20:04:53 i dont want shit like regedit for linux
2017-03-02 20:06:48 it's difficult to avoid, so many seem to reimplement it
2017-03-02 20:07:03 gnome has theirs, xfce has theirs...
2017-03-02 20:22:15 i'm not sure what is so bad about wayland, but i havent looked at it
2017-03-02 20:22:21 it's not like X is actually good :p
2017-03-02 20:26:32 it's not that bad, I believe my phone uses Wayland for its UI
2017-03-02 20:26:57 what phone?
2017-03-02 20:27:08 real hackers can hear the bits flowing in the system bus
2017-03-02 20:27:14 they don't need no damn interface
2017-03-02 20:27:16 not even a console
2017-03-02 20:28:06 c00kiemon5ter: good old Jolla
2017-03-02 20:29:47 gotta be pretty happy getting security updates over 3 years after release :)
2017-03-02 20:32:54 hiro: gentoo is close
2017-03-02 20:33:34 and it pays the price for that
2017-03-02 20:34:07 TBB: it's difficult to learn *what* to avoid. gnome and xfce have to be avoided obviously.
2017-03-02 20:34:24 i'm pretty happy i still get regular security updates (even selinux policy) for my note4
2017-03-02 20:34:30 was not expecting that tbh
2017-03-02 20:34:34 after all this time
2017-03-02 20:34:40 TBB: being aware there even are alternatives requires a lot of confidence though, cause horrible evangelists try to keep you from quitting their horrible software sects
2017-03-02 20:35:05 TBB: wayland is never gonna kill X
2017-03-02 20:35:12 TBB: so in the future we'll have to deal with BOTH
2017-03-02 20:35:32 TBB: that's worth than nothing.
2017-03-02 20:35:36 *worse
2017-03-02 20:36:07 TBB: i'm not clear what the advantage of jolla is over maemo on my n900
2017-03-02 20:36:26 TBB: but i do have problems with the stupid freedesktop, dbus, etc. shit on the n900
2017-03-02 20:36:59 TBB: if i had to guess i'd assume jolla just took that bullshit further without any benefit.
2017-03-02 20:37:35 TBB: cause the n900 works JUST FINE, which is surprising considering that it's just debian shit with a few horrible GUI programs clamped on top
2017-03-02 20:37:50 speaking of dbus on a phone, these *wonderful* (/s) grandstream desk phones heavily rely on dbus and you can really feel the latency on every single action
2017-03-02 20:37:59 keypress to dial? that's a dbus signal
2017-03-02 20:38:00 scv: hahaha
2017-03-02 20:38:27 i busted open the firmware to see why they performed so poorly and subsequently lost the contents of my stomach
2017-03-02 20:39:13 scv: condolences
2017-03-02 20:39:18 :p
2017-03-02 20:40:00 hiro, I had plenty of love for the n900, simply because of the keyboard and a couple of usable apps for it. shameful it wasn't quite as high quality as Nokias in general (the USB connector problem was just sad, just like the SIM slot problem)
2017-03-02 20:42:27 ACTION still uses his N900, even thought about putting Alpine on it.
2017-03-02 20:42:29 towards the end my n900 got slower and slower tho, it had to be factory reset to get back what responsiveness it had. that problem I've never had with Jolla, and as I said, I mostly appreciate Jolla for still providing the users with frequent security updates. then of course, the hardware quality and the production quality are even worse
2017-03-02 20:44:36 TBB: i agree about the quality, but for that time, the outer shell for example is quite sturdy
2017-03-02 20:44:50 TBB: i'd expect it was just lack of experience with micro-usb connectors
2017-03-02 20:45:00 TBB: i can't really blame them for doing this on purpose
2017-03-02 20:45:14 TBB: not sure what problem the sim slot has?
2017-03-02 20:47:47 it starts having problems keeping connection to the sim. a temporary fix was to place some paper between the battery and the back cover but after a year or two not even that pressed the sim to the contacts
2017-03-02 20:49:03 my first n900 had the micro usb problem but they replaced the unit very swiftly
2017-03-02 20:52:16 I even had the N950 for two months
2017-03-02 20:55:12 unfortunately it never made it to production; Nokia had learned from the N900 so the hardware was nicer, but since the software was mostly designed to run on the N9, it didn't receive much love for keyboard use
2017-03-02 20:55:22 but the keyboard was -nice-
2017-03-02 21:42:47 typing on a bb q10 here i agree the keyboard of n90 is shit
2017-03-02 21:43:46 well, I also had the earlier model, the N810. the keyboard in -that- was shit :D
2017-03-02 21:45:07 i also once tried an xperia x1
2017-03-02 21:45:15 still with fucking windows mobile
2017-03-02 21:45:54 ah, xperia. that'll probably be my next phone, once the official Sailfish integration is finished
2017-03-02 21:46:09 looking back i can finally understand why touchscreen shit eventually became so successful
2017-03-02 21:46:27 hiro: it's the least common normie denominator
2017-03-02 21:46:31 most common*
2017-03-02 21:46:57 back then i firmly believed hardware keyboards are superior
2017-03-02 21:47:17 (tbh i wish my phone had a hardware keyboard, i was so fast on it)
2017-03-02 21:47:24 BUT i hadnt tried a hardware keyboard that actually was superior until quite a few years later
2017-03-02 21:47:35 that only happened with the nokia e72
2017-03-02 21:47:55 I quite like the n900 one; sure, it wasn't ideal but it was good enough
2017-03-02 21:48:14 and yes, I considered it faster and overall better than any touchscreen keyboard
2017-03-02 21:48:17 the one in this q10 is much smaller and still more productive
2017-03-02 21:48:36 *than the one in the n900
2017-03-02 21:48:58 the only thing i'm missing is a hardware hangup button
2017-03-02 21:49:04 but thats a software problem
2017-03-02 21:49:16 they could've made the space key hang up calls
2017-03-02 21:50:01 but they are retards and just added a keyboard without enough consideration
2017-03-02 21:54:15 what do you think, would it be possible to update the "phone with a hardware keyboard" concept into the current age? would it be worth it?
2017-03-02 22:02:29 what do you mean?
2017-03-02 22:02:33 it still exists
2017-03-02 22:02:48 there are android phones with hardware keyboards
2017-03-02 22:02:58 i just dislike android a lot :(
2017-03-02 22:03:23 its like linux is taking the worst features of android and windows and making a userland like that
2017-03-02 22:03:37 so in the end it won't even matter any more
2017-03-02 22:04:51 but right now for example i'm just using the web browser and a terminal with ssh on my phone
2017-03-02 22:05:28 ah. I have to admit I haven't been paying close attention to the phone market lately. Android, well, if you actually could install a proper userland and a shell in one then it could even be useful...
2017-03-02 22:05:31 while i'd rather have a simple userland to automate more shit so i can use better, native interfaces for shit on the phone
2017-03-02 22:05:38 TBB: prize for kb on mobile device goes by far to the psion 5. i have one and i think it still works. and supposedly there's a new modern iteration of it in the works https://www.theregister.co.uk/2017/02/28/inside_the_new_psion_gemini/
2017-03-02 22:06:22 the psion 5 was a truly remarkable device imo
2017-03-02 22:06:36 avih: better than e72 or bb passport/q10/classic ?
2017-03-02 22:06:44 i never tried it
2017-03-02 22:06:51 not familiar with those
2017-03-02 22:07:17 cause for me q10 is favorite hardware for a phone right now
2017-03-02 22:09:29 well, the psion 5 is about 20 years old now :) so it doesn't give a fight in terms of modern hw :)
2017-03-02 22:11:42 its form factor is still good today though imho, though it's a tad heavier than what a modern take would be, and the screen is highly outdated (~6" 640x240 16 grays iirc)
2017-03-02 22:12:59 the kb still wasn't outclassed imo
2017-03-03 05:22:06 Hi, I've successfully installed an Alpine chroot on my phone but I was wondering what package I have to install to use adduser or useradd?
2017-03-03 05:34:24 b
2017-03-03 05:36:52 HazWard: adduser is busybox, and i _think_ for useradd you need the package "shadow"
2017-03-03 05:38:35 I just realized I forgot to modify my $PATH
2017-03-03 05:38:43 avih: I have access to adduser now
2017-03-03 10:59:33 avih: looked at images finally
2017-03-03 10:59:38 avih: seems like a real keyboard
2017-03-03 10:59:46 avih: i can imagine that being better than my phone :)
2017-03-03 11:09:26 hiro: https://www.youtube.com/watch?v=RtWSqJToN6I :)
2017-03-03 11:12:15 it's indeed a very real kb, albeit a small one :)
2017-03-03 12:14:30 <^7heo> at least you're not a troll.
2017-03-03 12:17:59 <^7heo> avih: any OS that runs on this machine?
2017-03-03 12:18:12 <^7heo> (other than the stock)
2017-03-03 12:41:05 when running "su" in my alpine chroot I get this error: su can't set groups Connection refused. The root user is the owner and has r,w,x rights in this file. Did I break something? Also when I start sshd, it shows initgroup on the client but then I lose connection
2017-03-03 12:57:34 ^7heo: a troll?
2017-03-03 12:58:35 <^7heo> hiro: sorry, it took me time to realize I was answering to a quit message.
2017-03-03 12:58:54 <^7heo> peckac happens obviously.
2017-03-03 12:59:00 ^7heo: ahaha, i don't see them
2017-03-03 12:59:26 avih: good video. i like that it has cursor keys also
2017-03-03 12:59:52 nowadays it might be worth putting an e-ink display on this kind of device
2017-03-03 13:00:08 i want a greyscale computer
2017-03-03 13:00:23 <^7heo> why?
2017-03-03 13:00:30 <^7heo> because it's more hype? :P
2017-03-03 13:00:46 no, people waste too much time with images
2017-03-03 13:00:47 <^7heo> hiro: basically the quit message wrapped around at a point that looked to me like a nick, and a message.
2017-03-03 13:00:56 <^7heo> images are important too.
2017-03-03 13:01:00 <^7heo> there's not only text.
2017-03-03 13:01:12 when i get google talk messages from friends i always respond i can't open images
2017-03-03 13:01:18 cause it gets relayed to irc for me
2017-03-03 13:01:33 and the image link is always to some google plus shit that you need to log in and make a google+ account first to see it
2017-03-03 13:01:59 when people want to write me sms it doesn't work cause i have a landline. so they can write a letter, mail or irc message instead :P
2017-03-03 13:02:07 <^7heo> yeah, I don't use google talk
2017-03-03 13:02:09 i also accept phone calls
2017-03-03 13:02:09 <^7heo> problem solved.
2017-03-03 13:02:21 i only use google talk because it's built into bitlbee
2017-03-03 13:02:37 and bitlbee is still installed from the time where people insisted in talking via icq/msn/aim
2017-03-03 13:02:37 is google-talk the same as hangouts?
2017-03-03 13:02:37 <^7heo> you can use skype with bitlbee too...
2017-03-03 13:02:41 c00kiemon5ter: yes
2017-03-03 13:02:51 ^7heo: might be, i had once set it up in my freeswitch
2017-03-03 13:02:58 ^7heo: but they fucked it up, so i gave up on skype, too.
2017-03-03 13:02:59 can you have otr on top of that?
2017-03-03 13:03:08 c00kiemon5ter: i do have otr on top of anything in irc
2017-03-03 13:03:14 c00kiemon5ter: there's irssi-otr
2017-03-03 13:03:29 yep, but there's no my-irc-client-otr yet :P
2017-03-03 13:03:35 c00kiemon5ter: if people write me google talk messages with irssi-otr it's encrypted
2017-03-03 13:03:57 c00kiemon5ter: i haven't mentioned the bitlbee otr plugin, because plainly it sucks ass
2017-03-03 13:04:02 is google-talk still jabber/xmpp?
2017-03-03 13:04:04 c00kiemon5ter: but it exists
2017-03-03 13:04:22 yes, I use it from time to time over jabber
2017-03-03 13:04:24 c00kiemon5ter: i interface with googletalk/hangout people via jabber, yes
2017-03-03 13:04:38 good to know, thanks
2017-03-03 13:05:06 i quite like that people have to figure out a way to reach me that doesn't involve any of that modern fad bullshit
2017-03-03 13:05:23 normally they only waste time with their sms/whatsupp messages anyway
2017-03-03 13:05:29 has anyone looked into apps like riot.im , the matrix protocol, signal and all the things around it.. ?
2017-03-03 13:05:34 cause they are bored in public transport or something
2017-03-03 13:05:41 c00kiemon5ter: i don't use apps.
2017-03-03 13:06:10 for a time while my x61 was broken i used a kindle as my main computer.
2017-03-03 13:06:17 i felt so much more productive.
2017-03-03 13:06:27 i learned shit, by reading plaintext, high-quality information
2017-03-03 13:06:44 my view is that since slack got traction, the instant-im apps went through a "boom" phase, along with the snowden revelations, and everything now wants to be the next secure thing
2017-03-03 13:06:48 i think books are the best transmission format for considerable amounts of information.
2017-03-03 13:07:01 and a greyscale display limits the means to just this right format.
2017-03-03 13:07:14 however that fragmented things so much, that one now needs 4 apps to talk with their friends etc
2017-03-03 13:07:22 c00kiemon5ter: but it's all on top of fucking android
2017-03-03 13:07:26 yep
2017-03-03 13:07:27 c00kiemon5ter: so there's nothing secure about it
2017-03-03 13:07:37 c00kiemon5ter: it's all lies.
2017-03-03 13:07:46 c00kiemon5ter: they'd send letters if they wanted REAL privacy
2017-03-03 13:07:58 c00kiemon5ter: but they actually prefer comfort and wasting their times
2017-03-03 13:08:25 c00kiemon5ter: smartphones are fun, new, shiny and can be used to distract from their boring lives.
2017-03-03 13:08:46 if you mean written letters, that's not very private, but you can always use pgp that's proven to work
2017-03-03 13:09:14 i think it's much more secure to write physical letters than trying to use pgp on a badly-administered system
2017-03-03 13:09:27 computers aren't made for privacy
2017-03-03 13:09:34 it's all about where you put your trust
2017-03-03 13:09:49 it's technically much more viable to save everything you send via mail
2017-03-03 13:09:53 ofcourse both parties need to have the same security policies for it to work
2017-03-03 13:10:10 secpol / threat-model
2017-03-03 13:10:11 rather than carefully opening or scanning through your letter and trying to OCR the content
2017-03-03 13:10:17 it's a matter of scale
2017-03-03 13:10:43 physical letters only protect against mass surveillance, not individual surveillance obviously
2017-03-03 13:11:00 but i think once you fear the latter you should reconsider anyway
2017-03-03 13:11:13 well computers as devices have the fundamental flaw, that you need to trust your hardware and firmware, until we can have viable open source alternatives
2017-03-03 13:11:13 and find a much better individually adjusted security concept
2017-03-03 13:11:39 comm between devices is flawed, because the net is not designed for privacy
2017-03-03 13:11:54 c00kiemon5ter: i trust that they will save all low-bitrate comms that i generate with my internet-connected devices
2017-03-03 13:12:07 c00kiemon5ter: i'm sure they won't save my bittorrent traffic.
2017-03-03 13:12:10 c00kiemon5ter: because of scale.
2017-03-03 13:12:11 there are some ideas that protect privacy, namely mixnets, though you have other problems there
2017-03-03 13:12:41 c00kiemon5ter: but i also know that even a small letter with few, important and private sentences will probably not get picked out for inspection.
2017-03-03 13:13:20 c00kiemon5ter: i think encryption can try to minimize the general exploitation risk
2017-03-03 13:13:28 c00kiemon5ter: but it doesn't really ensure much at all.
2017-03-03 13:13:30 well, it depends on your threat model - if you think you're being spied then you may not make that assumption
2017-03-03 13:14:06 if you're being spied on normally you should just visit your psychologist
2017-03-03 13:14:29 pgp tried to solve the integrity and confidentiality problem, and it does well, but it does not hide the parties that communicate
2017-03-03 13:14:41 tor hides the originating party
2017-03-03 13:14:50 c00kiemon5ter: pgp is pretty much unusable for the user
2017-03-03 13:14:59 c00kiemon5ter: irssi-otr is how it should have been done.
2017-03-03 13:15:05 a mixnet tries to hide (or fuzz) the communication between two parties
2017-03-03 13:15:09 c00kiemon5ter: try out the interface, it's enlightening.
2017-03-03 13:15:17 it all depends on what you're running away from
2017-03-03 13:15:32 there is no silver bullet - a one for all solution
2017-03-03 13:15:46 yes, pgp is pretty bad
2017-03-03 13:15:55 c00kiemon5ter: there is a silver bullet for what pgp is trying to solve, and that is the interface irssi-otr presents to me.
2017-03-03 13:15:57 generally security interferes with comfort :/
2017-03-03 13:16:13 otr is nice, that's why I asked too
2017-03-03 13:16:27 otr in bitlbee sucks though, for example.
2017-03-03 13:16:43 c00kiemon5ter: it has to be the right technology *and* the right interface together.
2017-03-03 13:16:58 c00kiemon5ter: i'm not sure how secure OTR is technically today
2017-03-03 13:17:29 c00kiemon5ter: but i get to use it a lot more in semi-secure ways (even if the other side is unverified), because it's so much easier for everybody to set up.
2017-03-03 13:17:44 c00kiemon5ter: so non-nerds keep on talking *securely* to me.
2017-03-03 13:17:51 c00kiemon5ter: that's quite remarkable
2017-03-03 13:18:13 otr is supposed to be technically secure and viable, and forward secrecy ensures that even if you reveal a key or someone breaks a message, they must repeat the whole procedure for the next message
2017-03-03 13:18:28 yeah, i haven't read the code really.
2017-03-03 13:18:49 i don't consider anything flawless. But at least I'm quite sure this is better than all the recent hipster apps for android
2017-03-03 13:19:08 and i think it's quite conceivable that a noob installs an ubuntu with encrypted rootfs and gajim on top.
2017-03-03 13:19:56 i wish OTR was more widely used also
2017-03-03 13:20:03 for example it could work just fine via mail, too.
2017-03-03 13:20:16 you could reuse the same keys for all kinds of different transports
2017-03-03 13:20:50 well, for starters, it should be included and enabled by default in apps like pidgin or gajim etc
2017-03-03 13:20:54 for example if my internet breaks i could resume an OTR conversation via SMS with the same key, IF this was supported by software on all sides.
2017-03-03 13:21:09 <^7heo> hiro: have you tried Tox btw?
2017-03-03 13:21:10 tormessenger (by the guys that do torbrowser) does that
2017-03-03 13:21:12 nope
2017-03-03 13:21:18 ^7heo: was it the web thing?
2017-03-03 13:21:26 iirc, tox was started by a guy from the suckless community
2017-03-03 13:21:44 or at least I remember talking with him on #suckless
2017-03-03 13:22:16 and I think tox has gotten big nowadays, it supports video chat etc
2017-03-03 13:22:46 <^7heo> hiro: it's an experimental protocol, that works pretty well
2017-03-03 13:22:56 <^7heo> hiro: but unfortunately requires quite some bandwidth to work correctly
2017-03-03 13:22:58 yeah, that's the one, tox.chat
2017-03-03 13:23:12 <^7heo> hiro: so on mobiles, it's really unrealistic for now.
2017-03-03 13:28:04 hmm, I can't find that app I was thinking -mobile app peer-to-peer and encrypted- but ricochet does that and seems to have progressed
2017-03-03 13:29:47 and then there's ring.cx by gnu
2017-03-03 13:29:56 anyway, I'm going back to work
2017-03-03 13:29:58 cu later o/
2017-03-03 13:30:47 <^7heo> c00kiemon5ter: P2P and mobile don't mix well.
2017-03-03 14:04:33 hiro: it runs epoc, which later became symbian. iirc it could run some linux at the time but take into account that it's a 20 yo device so ram is scarce (8/16/24 depending on model) and the cpu is 18/36 Mhz. but it runs a sinclair spectrum emulator just fine :p
2017-03-03 14:05:46 (i.e. this device is where symbian came from)
2017-03-03 14:09:55 nice
2017-03-03 14:10:10 ^7heo: ^ sorry. but this is by the same guy who designed the form factor and kb, apparently modern but in a similar form factor https://www.indiegogo.com/projects/gemini-pda-android-linux-keyboard-mobile-device-phone and early backers price is damn fine, if you're willing to gamble on it. supposedly first devices will ship in 2017
2017-03-03 14:10:15 the best thing on my symbian phone was the excellent voip implementation and the putty port :D
2017-03-03 14:10:57 i still haven't found something that got near to these functionalities
2017-03-03 14:11:29 what's the policy to bump testing packages into releases?
2017-03-03 14:12:10 hiro: it has rs232 and a terminal iirc, though at the time i didn't have anywhere specific to ssh into :)
2017-03-03 14:12:21 of course :)
2017-03-03 14:12:27 <^7heo> avih: 8 what? KB?
2017-03-03 14:12:30 <^7heo> avih: or MB?
2017-03-03 14:12:37 <^7heo> (I hope for the latter)
2017-03-03 14:12:44 8mb ram, 18mhz cpu (arm)
2017-03-03 14:13:11 later model doubled both in the same form factor (5mx)
2017-03-03 14:13:26 i have a first gen psion 5
2017-03-03 14:13:28 <^7heo> with 24 MB
2017-03-03 14:13:34 <^7heo> there would be a way to boot a BSD on it.
2017-03-03 14:13:46 <^7heo> for sure.
2017-03-03 14:13:49 <^7heo> but not really X :D
2017-03-03 14:13:57 i'm quite sure it was possible to boot some linux on it
2017-03-03 14:14:41 http://www.adrianjwells.freeuk.com/ and http://linux-7110.sourceforge.net/
2017-03-03 14:15:07 <^7heo> okay I'll check your indiegogo link
2017-03-03 14:17:11 the indigogo one is modern android hw with a phone and also supports linux. and 4G ram
2017-03-03 14:43:51 Can I enable w and last in alpine? If so, how?
2017-03-03 14:44:36 tw: procops
2017-03-03 14:44:50 procps*
2017-03-03 14:44:59 I don't quite like the /bin/top and /bin/free
2017-03-03 14:45:41 already installed: last: couldn't open file '/dev/null/wtmp': Not a directory
2017-03-03 14:46:38 Additionally, /var/log/wtmp isn't updated when users log in/out
2017-03-03 14:46:54 Huh?
2017-03-03 14:47:03 Mine isn't as well.
2017-03-03 14:47:52 I might be completely wrong regarding this, but ... musl issue, not supported
2017-03-03 14:48:12 Huh?
2017-03-03 14:48:19 How come related to musl?
2017-03-03 14:48:30 We shouldn't just blame musl right?
2017-03-03 14:48:31 Google search agrees with that assessment. Does not implement wtmp/utmp stubs.
2017-03-03 14:48:37 <_ikke_> musl does not support wtmp 2017-03-03 14:48:53 <_ikke_> they see it as a privacy breahc 2017-03-03 14:48:55 <_ikke_> breach 2017-03-03 14:50:26 Oh 2017-03-03 14:50:39 Musl does not support tons of things though. 2017-03-03 15:14:01 hm. I do remember what to do to get lspci to list device names, but not how to make lsusb do the same thing 2017-03-03 15:14:36 pciutils and hwdata-pci did the former, but hwdata-usb and usbutils didn't quite get there 2017-03-03 15:19:04 Hello, I've tried to find the solution to my issue but I could find anything, when I run the su command I get an error saying that I can't set groups. I used chmod and chown to set the correct permissions but nothing seems to work. Do you guys have any suggestions? 2017-03-03 15:19:35 you're inside a container without the right capabilities ? 2017-03-03 15:22:46 Haha 2017-03-03 15:22:52 HazWard: Blame grsec 2017-03-03 15:23:47 echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_chmod 2017-03-03 15:24:48 ^^^^ HazWard do this outside the chroot 2017-03-03 15:26:35 HazWard: If you want to keep it persistant. 2017-03-03 15:26:59 Write something like grsec.chroot_deny_chmod=0 in /etc/sysctl.conf or /etc/sysctl.d/local.conf 2017-03-03 15:36:13 oh ok pickfire and yGweSm1OzVHe, I added a file for sysctl and I rebooted my device, I'll try to enter the chroot and use su 2017-03-03 15:37:52 Oh gg 2017-03-03 15:38:02 HazWard: kernel.grsecurity.chroot_deny_chmod = 0 2017-03-03 15:38:03 Sorry 2017-03-03 15:38:17 I set that in /etc/sysctl.d/10-lxc.conf 2017-03-03 15:38:38 Well, it can be switched on the fly by 2017-03-03 15:38:55 sysctl -w kernel.grsecurity.chroot_deny_chmod=0 2017-03-03 16:06:01 naja keeping this persistent is not a good idea makes breaking out of chroots much easier 2017-03-03 16:29:58 How do I create a package that allows me to be either depend on python2 or python3? 
2017-03-03 16:48:45 <@_ikke_> they see it as a privacy breahc << more like unnecessary security exposure if I recall; non-root processes having to write to common log file 2017-03-03 18:38:39 Does anyone know how I can compile a go app for musl under ubuntu ? 2017-03-03 18:40:02 I have 2 identical arm boxes, one running ubu and one alpine. The ubuntu one has golang installed (because I´m too lazy to compile golang for alpine). Now I want to compile a go app for arm+musl instead of libc. I already have musl.musl-tools and musl-dev installed 2017-03-03 18:41:27 golang isn't in the alpine/arm repos? 2017-03-03 18:49:07 glibc* 2017-03-03 18:59:19 hi, I'm trying to run backuppc, but it always fails with this error "Unescaped left brace in regex is deprecated, passed through in regex; marked by". It seems to be the same bug like this: https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/1570987 2017-03-03 19:59:20 Peasant65, go is available in edge 2017-03-03 22:40:18 Hi! 2017-03-03 22:40:43 How to build vmlinuz from alpine if I want to package it with one my app? 2017-03-04 02:33:17 Guys if i installed on a Virtualbox VM my alpine which video driver should i use?. 2017-03-04 02:47:17 dirac2: vesa works for me out of the box, albeit limited to 1024x768 2017-03-04 02:48:23 welshjf, thanks, i'll try it. 2017-03-04 09:45:02 Hello everyone :) 2017-03-04 09:47:22 Good evening rollniak. 2017-03-04 12:22:34 ölm 2017-03-04 15:15:49 Weird, how come python2 is a dependency of gdb? 2017-03-04 15:18:22 because gdb added the ability to script it with python... 2017-03-04 15:18:25 gdb can utilize python 2017-03-04 15:18:55 it would be nice if there were a gdb-nopython package... 2017-03-04 15:19:13 or if the dependency could somehow be optional at runtime 2017-03-04 15:19:18 most users have no use for this 2017-03-04 15:22:40 Yeah, but I don't want python2, how come not python3? 
2017-03-04 15:22:47 Looks like gdb depend on so:libpython2.7.so.1.0 2017-03-04 15:23:35 I think I can just switch to makedepends="python3-dev" 2017-03-04 18:17:08 does one of you use thin pools on alpine or lvm ssd cache in general? 2017-03-04 19:22:10 I didn't even know there's such a thing as lvm ssd cache! 2017-03-04 19:27:30 it's all via thin pools which i'm not sure is for better 2017-03-04 19:28:03 thin pools are fragile immature code, on rhel it's ok-ish now, and since we're generally closer to upstream it _could_ be ok 2017-03-04 19:28:06 idk :) 2017-03-04 19:28:19 does that sound like a musl issue to you: 2017-03-04 19:28:19 make[1]: Entering directory '/usr/src/linux-headers-4.4.52-0-grsec' 2017-03-04 19:28:19 CC [M] /root/4.0.588/driver/unm_nic_main.o 2017-03-04 19:28:19 /root/4.0.588/driver/unm_nic_main.c:67:24: fatal error: asm/system.h: No such file or directory 2017-03-04 19:28:23 #include 2017-03-04 19:28:39 i have a nic that is simply DEAD and all because it needs a fw update 2017-03-04 19:28:52 just fw update would need some rhel distro it seems 2017-03-04 19:30:01 Since Linux 3.4 asm/system.h is not present 2017-03-04 19:30:02 anymore. 
Remove inclusion of 2017-03-04 19:30:03 oh 2017-03-04 19:30:06 well 2017-03-04 19:32:57 ok i learned a lot about C code from hw vendors today, more than i could fix :) 2017-03-04 19:33:34 <_ikke_> sad 2017-03-04 19:34:13 <_ikke_> I switched from broadcom to intel 2017-03-04 19:34:20 i need to remove that nic, take it home, patch there with some rhel thing, take back 2017-03-04 19:34:32 yeah, i think i should really get rid of the whole server 2017-03-04 19:34:45 it's still good perf wise though, so i don't like the idea too much 2017-03-04 19:35:00 <_ikke_> right 2017-03-04 19:37:18 the driver is from ex-netxen, now qlogic, i see about 200 warnings and errors *g* 2017-03-04 19:37:42 maybe i can convince a colleague to help me with fixing them so i learn something 2017-03-04 19:37:53 any other purpose that thing needs to just go to the bin 2017-03-05 01:24:01 hi, I'm trying to install alpine on a linux softraid (md). I booted the live media, set up the array manually as md0, and created a partition table on it. /sbin/setup-disk doesn't detect it though. is there something I'm not doing correctly? 2017-03-05 01:24:16 let me know what information I can provide 2017-03-05 01:27:48 I've been reading the wiki page of course, although it appears to be geared toward setting up a non-sys array on an existing system 2017-03-05 01:28:08 is there something special I need to do when setting it up as the sys disk from live media? 2017-03-05 01:31:16 https://wiki.alpinelinux.org/wiki/Setting_up_disks_manually ? 2017-03-05 01:33:23 oh, great :) 2017-03-05 01:50:31 wow, super simple. cheers! 2017-03-05 06:17:46 I am packaging googler, it's a python3 script. I have a way to reduce the script size by ~25%, just remove the comments and strip the empty lines, should I do it? 2017-03-05 06:17:59 It's a command line application not used by other apps. 
2017-03-05 06:19:06 81970 -> 62677 2017-03-05 06:19:18 I didn't remove those multi-line comment with """ 2017-03-05 06:23:53 pickfire: unless it's a common practice to strip comments from packages which are mostly scripts - which i think is not the case, i'd leave it as is. also easier to figure out what changed when a new version comes in, if relevant (e.g. if there are some alpine-specific patches). 2017-03-05 06:24:20 Oh, okay. 2017-03-05 06:24:51 avih: By the way, when will the libintl thing be fixed? It's causing a lot of trouble in a few packages that I wanted to create. 2017-03-05 06:25:00 fcitx, ledger, cryptsetup (upgrade) 2017-03-05 06:26:57 no clue. also re stripping comments, i just peeked at pip and hg (mercurial) - as installed by apk, and the comments are not stripped. 2017-03-05 06:27:48 298 wget -q -s "$uri" || return 1 2017-03-05 06:27:52 I see a but in abuild 2017-03-05 06:27:54 bug* 2017-03-05 06:28:10 wget have -s? 2017-03-05 06:55:20 Good evening -- for anyone interested I just pushed the lated revision of my rewrite of mkimage to github. See https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage 2017-03-05 06:55:23 Now supports generating ssh keys and autostart features/overlays! 2017-03-05 12:21:13 Hello. Do I need modloop if all modules are loaded with initramfs? What is this modloop anyway? 2017-03-05 15:08:54 i found something with my mystery nic 2017-03-05 15:09:02 Analyze this lineMar 1 00:07:26 kernel: [31587660.148505] netxen_nic 0000:01:00.0: 128MB memory map 2017-03-05 15:09:05 Analyze this lineMar 1 00:07:26 kernel: [31587660.150998] netxen_nic 0000:01:00.0: unified image: product validation failed 2017-03-05 15:09:08 Analyze this lineMar 1 00:07:26 kernel: [31587660.156371] netxen_nic 0000:01:00.0: Direct firmware load for nxromimg.bin failed with error -2 2017-03-05 15:09:11 seems ... it ... 
2017-03-05 15:09:28 just needs a pci id hack somewhere in the driver and then the OSS driver can fix the shitty fw too 2017-03-05 18:36:09 Hi! trying to install lizardfs...my master server is on centos the rest of the chunk, cgi, etc are on alpine linux vm's spread out over multiple hosts. Is there any directions for compiling lizardfs on alpine-linux or packages for it? I don't seem to find them searching online at the repository search engine...thanks in advanc 2017-03-05 18:36:18 s/advanc/advance 2017-03-05 18:47:41 doesn't look like Alpine packages it right now 2017-03-05 18:47:49 the best shot at trying to compile it for Alpine is just... compiling it :) 2017-03-05 18:48:14 if you run into any difficulties, we can try to help you (or the kind people at #musl depending on the issue) 2017-03-05 19:15:49 Hello everyone :P 2017-03-05 19:15:56 hola 2017-03-05 20:14:40 ok Shiz, thanks for confirming...unfortunately the amount of directions with lizardfs is small 2017-03-05 20:14:55 I guess we will see 2017-03-05 21:08:47 hi trying to compile lizardfs getting error CMake Error at .../FindPackageHanldeStandarArgs.cmake could NOT find FUSE missing FUSE_LIBRARY FUSE_INCLUDE_DIR 2017-03-05 21:08:56 anyone able to help...thanks in advance 2017-03-05 21:14:23 seems like you want to install fuse-dev 2017-03-05 21:14:26 as it implies 2017-03-05 21:15:19 tried that must be a path problem then 2017-03-05 21:50:31 is it just me or is there no "download this package" button on the pkgs.alpinelinux.org site? 2017-03-05 21:50:49 (yes I realise normally people wouldn't need to do this, but I wanted to look at an alpine package but from a non-alpine system) 2017-03-05 21:55:43 yeah, there isnt 2017-03-05 21:56:13 shouldn't be hard to add, but i can't do it 2017-03-05 21:58:18 ok then 2017-03-05 23:18:19 Does Wiki has an article on how to create custom vmlinuz and initrd with alpine linux? 
2017-03-05 23:26:13 you can find how the kernel is made in aports, and for initrd you mostly want to look at /etc/mkinitfs/features.d/ (if I remember the path correctly) 2017-03-05 23:26:37 in other words, I can't remember if there's a wiki page for that; probably yes 2017-03-05 23:35:42 Thank you TBB, I will look there 2017-03-05 23:45:45 TBB I need to take alpine linux and create custom vmlinuz/initrd where alpine will be launched with one additional service. Where should I look? 2017-03-05 23:47:15 you could add the files required to your own feature file and start the service in a customized early init script 2017-03-05 23:48:01 you that mkinitfs script? 2017-03-05 23:48:01 you can find the original init script in /usr/share/mkinitfs/, so you could add the startup there and then tell mkinitfs to include your own init instead of the stock one 2017-03-05 23:48:05 *mean 2017-03-05 23:48:37 so I will have to take alpine vmlinuz as it is but use my custom initrd generated by mkinitfs, correct? 2017-03-05 23:48:56 for what you described you want to do, basically, yes 2017-03-05 23:49:39 thank you! 2017-03-05 23:49:42 naturally if you want your kernel to be different, nothing stops you from doing that either 2017-03-05 23:54:44 I think I am fine with alpine kernel as it is. I just need few things to be installed and launched 2017-03-06 05:34:13 the extended iso doesn't match the sha256 2017-03-06 05:38:53 https://www.irccloud.com/pastebin/K3tNeWpl/ 2017-03-06 09:32:14 Hi! 
I'm trying to start elasticsearch after I installed the package with apk, but I simply cannot find out how 2017-03-06 09:32:18 the bin folder is missing 2017-03-06 09:32:42 I have a /etc/init.d/elasticsearch but I'm not running the rc init system (trying to keep it as basic as possible atm) 2017-03-06 09:32:52 A hint would be awesome :) 2017-03-06 09:39:31 According to the package online there should be a bin-folder but I can just find a lib and a module folder (https://pkgs.alpinelinux.org/package/edge/community/x86/elasticsearch) 2017-03-06 10:24:11 Hello... 2017-03-06 10:25:24 How can I map network interface names to MAC's in Alpine 3.5.1 ? I (think) I had /etc/mactab and /etc/mdev.conf in 3.2.3, but can't find that on 3.5.1 ... 2017-03-06 10:37:50 lilleman - /usr/share/java/elasticsearch/bin 2017-03-06 12:37:55 is zfs usable atm? 2017-03-06 12:38:03 non-root just data 2017-03-06 13:23:51 alpine-extended-3.5.2-x86_64.iso -broken? 2017-03-06 13:33:24 <^7heo> m4: #define broken 2017-03-06 13:35:32 ^7heo: just tested alpine-extended-3.5.2-x86.iso and it works 2017-03-06 13:35:51 but x86_64 failed to boot ( bad arcive while apk trying to unpack 2017-03-06 13:39:09 <^7heo> m4: I assume you wanted to write "bad archive" 2017-03-06 13:39:20 <^7heo> m4: what did you do, exactly, and when did that happen? 2017-03-06 13:39:21 yea... 2017-03-06 13:39:41 ^7heo: nothing, just try to boot iso 2017-03-06 13:40:03 <^7heo> so 2017-03-06 13:40:14 <^7heo> you: 2017-03-06 13:40:28 <^7heo> 1. downloaded the iso from www.alpinelinux.org 2017-03-06 13:40:33 <^7heo> 2. burned the iso on a CD 2017-03-06 13:40:33 y 2017-03-06 13:40:35 no 2017-03-06 13:40:38 <^7heo> ah, see? 2017-03-06 13:40:40 qemu -iso 2017-03-06 13:40:48 <^7heo> I'm asking what you did because it matters. 2017-03-06 13:40:54 <^7heo> we don't know yet what's the problem 2017-03-06 13:41:02 <^7heo> but without proper description, we won't help. 2017-03-06 13:41:05 <^7heo> not that we don't want to... 
2017-03-06 13:41:08 <^7heo> ...but we cannot. 2017-03-06 13:41:22 ^7heo: I just wget & qemu iso 2017-03-06 13:41:30 only extended x86_64 version failed 2017-03-06 13:41:48 vanilla works, also x86 for extended 2017-03-06 13:42:50 so it looks something goes wrong with that iso 2017-03-06 13:43:39 used https://nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-extended-3.5.2-x86_64.iso t https://nl.alpinelinux.org/alpine/v3.5/releases/x86/alpine-extended-3.5.2-x86.iso 2017-03-06 13:44:45 <^7heo> does "t" mean "and"? :P 2017-03-06 13:44:56 yes 2017-03-06 13:44:59 <^7heo> ok :D 2017-03-06 13:45:08 just typo while c/p 2017-03-06 13:45:13 <^7heo> ACTION is becoming good at guessing 2017-03-06 13:45:22 <^7heo> yeah no worries ;) 2017-03-06 13:46:25 <^7heo> so, you start qemu with `qemu -iso alpine-extended-3.5.2-x86_64.iso`, and next thing you know, before you interact with it in ANY WAY, it crashes on the "bad archive while apk trying to unpack"? 2017-03-06 13:46:48 no ended with /sbin/init failed 2017-03-06 13:47:07 I saw BAD ARCHIVE while musl trying to install in /sysroot 2017-03-06 13:47:37 <^7heo> Damn, you're challenging me at guessing again ;) 2017-03-06 13:47:57 ^7heo: heh,. maybe simple to start qemu -iso ? :) 2017-03-06 13:48:03 <^7heo> no 2017-03-06 13:48:06 <^7heo> I'm at work 2017-03-06 13:48:13 <^7heo> and i'm not paid to troubleshoot alpine. 2017-03-06 13:48:21 ok 2017-03-06 13:48:23 <^7heo> I'm just being here out of courtesy, in case I can fix something. 2017-03-06 13:48:32 I just hop here to check if alone with this problem 2017-03-06 13:48:38 <^7heo> but since you're not putting much effort into helping yourself being helped... 2017-03-06 13:48:47 <^7heo> I don't see why I should go the extra mile on my employer's time. 
2017-03-06 13:49:21 ^7heo, rather than chastizing a user trying to get help it would be nicer to just advise to wait for someone else 2017-03-06 13:49:32 it's certainly reasonable that you can't spend your employer's time on this 2017-03-06 13:49:39 <^7heo> dalias: do you expect to have a better chance at guessing what's wrong without info? 2017-03-06 13:49:51 <^7heo> I mean, it's really frustrating not to have more info than "it broke" 2017-03-06 13:49:58 no, but someone else might have time for some hand-holding 2017-03-06 13:50:05 <^7heo> of course you can try to reproduce the bug yourself 2017-03-06 13:50:11 <^7heo> but chances are that it's not easy. 2017-03-06 13:50:14 <^7heo> yeah ok. 2017-03-06 13:50:14 *nod* 2017-03-06 13:50:22 <^7heo> you make a valid point. 2017-03-06 13:50:30 ^7heo: why you think so? 2017-03-06 13:50:38 <^7heo> sorry for being edgy, m4; just wait for someone else. 2017-03-06 13:50:50 <^7heo> m4: because based on the information I have 2017-03-06 13:51:20 <^7heo> m4: you might even be trying to boot alpine on qemu -iso on ubuntu on virtualbox on windows on xen on solaris on a sparc. 2017-03-06 13:51:31 <^7heo> I don't even know if you are doing that or not. 2017-03-06 13:51:40 ^7heo: ? 2017-03-06 13:51:58 <^7heo> you just wrote the bare minimum info that was asked, leaving any detail to the fantasy of the person who would help. 2017-03-06 13:52:17 <^7heo> and I'm trying to tell you that people don't necessarily have the time or the patience to do that. 2017-03-06 13:52:24 <^7heo> and right now, I have to do something else. 2017-03-06 13:52:25 what you want a book about iso don't boot? 2017-03-06 13:52:37 I tried on real box and then checked with qemu 2017-03-06 13:52:45 <^7heo> I'm not the one having a problem to boot an iso and explaining what is wrong. 2017-03-06 13:52:56 x86 version work, vanilla ... and you need more info?? 2017-03-06 13:53:10 <^7heo> yeah. 2017-03-06 13:53:16 <^7heo> Read on how to report a bug. 
2017-03-06 13:53:19 <^7heo> it's not "shit broke" 2017-03-06 13:53:23 <^7heo> by a long shot. 2017-03-06 13:53:29 <^7heo> now, I'm away. 2017-03-06 13:54:41 <^7heo> (and just as a last comment: "I tried on real box and then checked with qemu". That's something you didn't say before you started trolling me) 2017-03-06 13:56:08 m4: post the exact command[s] you run, then what error messages (or crashes) you get, etc. 2017-03-06 13:56:44 "broken" could be a 1000 different things. 2017-03-06 14:03:56 avih: I did nothing expect download iso , and run 2017-03-06 14:04:07 only extended x86_64 version failed 2017-03-06 14:04:26 ERROR: musl-1.1.15-r6: BAD archive 2017-03-06 14:04:48 ERROR: busybox-1.25.1-r0.post-install: script exited with error 1 2017-03-06 14:04:49 that's the first message you see after you boot the iso? 2017-03-06 14:04:54 yes 2017-03-06 14:05:02 or does it make some progress and then display this message? 2017-03-06 14:05:03 if left quiet 2017-03-06 14:05:48 m4: was it you who mentioned a sha mismatch? 2017-03-06 14:07:15 no, it wasn't you. try to check the sha256 sum. maybe some mirror got a corrupt image 2017-03-06 14:13:18 tnx avih 2017-03-06 14:13:40 did you find the issue then? 2017-03-06 14:13:56 http://dl-3.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-extended-3.5.2-x86_64.iso <--correct sha 2017-03-06 14:14:23 https://nl.alpinelinux.org/alpine/v3.5/releases/x86_64/alpine-extended-3.5.2-x86_64.iso <--broken 2017-03-06 14:14:41 and the one with correct sha works? 2017-03-06 14:15:03 yes 2017-03-06 14:15:07 works without problem 2017-03-06 14:15:15 so obviously problems with mirrors 2017-03-06 14:15:19 k 2017-03-06 14:16:10 ncopa: ^ corrupt image on the nl mirror 2017-03-06 14:16:40 <^7heo> don't we have a hash checking after mirroring? 2017-03-06 14:17:30 m4: just in case, did you try downloading it again? maybe your download is corrupt but ok on the mirror itself? 2017-03-06 14:17:42 <^7heo> imho that is more likely. 
2017-03-06 14:18:03 ^7heo: he's the second user reporting a sha mismatch 2017-03-06 14:18:18 <^7heo> yeah, ISPs fuckup regularly. 2017-03-06 14:18:27 today 2017-03-06 14:18:30 <^7heo> ah. 2017-03-06 14:18:49 <^7heo> then we have to prompt ncopa for a hash-check after mirror sync. 2017-03-06 14:18:56 <^7heo> which I thought we would have 2017-03-06 14:19:11 <^7heo> but at the same time, our infra isn't exactly unified :P 2017-03-06 14:19:22 <^7heo> so I wouldn't be surprised if stuff would be amiss. 2017-03-06 14:21:45 i'm getting diff sha256: 9bfa18611526e76e105ae64daef2bfee34b84a23e030eb4ccc7f36b8e5f23b54 on the nl one and f5d2d5dc518c070a3b34e0787386744326177c1d61717bedf52e780e7b549954 on the main one. 2017-03-06 14:22:04 so likely a corrupt image and not an isp issue 2017-03-06 14:22:39 s/main/dl-3/ 2017-03-06 14:33:31 avih: tried several times... (was not single shoot 2017-03-06 14:33:54 yeah, i can reproduce mismatched sha on the nl one 2017-03-06 14:34:40 I think yday download from diff mirror ( but can't find which one 2017-03-06 14:35:13 so perphaps one more mirror affected 2017-03-06 15:19:11 avih: thanks for reporting that, im checking all of the images now 2017-03-06 15:19:28 k 2017-03-06 15:19:51 alpine-extended-3.5.0_rc3-x86_64.iso: FAILED 2017-03-06 15:19:51 sha256sum: WARNING: 1 of 1 computed checksums did NOT match 2017-03-06 15:20:01 alpine-extended-3.5.2-x86_64.iso: FAILED 2017-03-06 15:20:01 sha256sum: WARNING: 1 of 1 computed checksums did NOT match 2017-03-06 15:20:10 :/ 2017-03-06 15:20:21 4 of them failed 2017-03-06 15:20:34 i suspect its disk error of some sort 2017-03-06 15:20:39 at least it's good to know ;) 2017-03-06 15:22:56 yes. thanks 2017-03-06 15:26:01 <^7heo> ncopa: don't we have automatic checking? 
2017-03-06 15:29:54 no, we dont automatically check all the mirrors 2017-03-06 15:30:25 i suppose we could automatically verify the images on master mirror 2017-03-06 15:30:56 or we could check via cronjob or similar 2017-03-06 15:33:06 are they broken on master mirror? 2017-03-06 15:34:48 <^7heo> clandmeter: nah apparently only on secondaries. 2017-03-06 15:35:01 <^7heo> ncopa: can't we use the same process that updates the mirrors? 2017-03-06 15:36:50 ^7heo: we dont have control over all mirrors 2017-03-06 15:37:00 <^7heo> right. 2017-03-06 15:37:03 <^7heo> I tend to forget that. 2017-03-06 15:38:00 isn't there some mirroring "protocol" which includes checksums? 2017-03-06 15:38:59 maybe the master should have the checksums in some file/format (apparently other than the current checksum files, assuming there's such method) 2017-03-06 15:57:48 <^7heo> avih: I'd assume so yes. 2017-03-06 15:57:56 <^7heo> (about the protocols) 2017-03-06 16:00:53 if the issue is damaged disk though, then it could have gotten damaged after the clone, or even during the clone but the checksum would be from the cached version of the file (which just got written, so it might be fine) 2017-03-06 16:03:21 <^7heo> true. 2017-03-06 16:04:00 <^7heo> maybe sha*sum actually reads from disk 2017-03-06 16:04:25 <^7heo> (and by that I mean forces the kernel to drop the cache) 2017-03-06 16:08:14 that can't be done by a non-privileged process 2017-03-06 16:16:59 <^7heo> ah right. 2017-03-06 16:17:14 <^7heo> but then sha*sum could be suid 2017-03-06 16:17:20 <^7heo> and I didn't check that. 2017-03-06 16:19:05 so i guess a day or so after ISO updates, something central (in alpine's control) would verify all the mirrors. apk's are less of an issue since they include their own verifications. 2017-03-06 16:19:11 <^7heo> well, in Alpine, at least, it is a link to busybox, not to bbsuid. 
2017-03-06 16:20:37 sha*sum doing that would be a clear violation of clean functionality boundaries 2017-03-06 16:24:36 <^7heo> dalias: possibly, but also returning more reliable results. 2017-03-06 16:27:13 that could be said about every single program 2017-03-06 16:28:06 it's not a valid argument for having every program override/suppress fs cache 2017-03-06 16:28:32 if you have a specific deployment need for that, you'd use a custom os configuration or custom os 2017-03-06 16:49:10 <^7heo> dalias: right 2017-03-06 17:14:58 did the musl fix for non-standard page-size finish propagating to alpine? 2017-03-06 17:17:43 <^7heo> hiro: now that dalias is around, it's a good time to ask ;) 2017-03-06 17:18:35 not sure; check git 2017-03-06 17:18:48 http://git.alpinelinux.org/cgit/aports/tree/main/musl/ 2017-03-06 17:18:51 looks like not :( 2017-03-06 17:19:56 the last real change was 11 days ago i guess 2017-03-06 17:20:14 now i know what to watch :) 2017-03-06 17:20:16 thanks. 2017-03-06 17:20:58 np 2017-03-06 17:25:05 Hey room 2017-03-06 17:31:02 i saw an open issue about nscd 2017-03-06 17:32:20 in general i made bad experiences with software interfacing the complexity hidden behind nscd :( 2017-03-06 17:32:57 i'd hope these kinds of interfaces that pull in all this crud would stay unsupported. 
2017-03-06 17:33:35 you probably misunderstand 2017-03-06 17:34:46 dalias: very likely :) 2017-03-06 17:35:49 nscd was taken as the only existing protocol precedent for a configuration-free alternate backend for passwd/group db 2017-03-06 17:38:19 other options for allowing alt pw/grp backends would have required inventing new conventions for where special files/sockets/etc reside and how to interpret them 2017-03-06 17:38:46 and would not have facilitated being able to drop musl-linked binaries onto an existing glibc system 2017-03-06 17:40:34 sound 2017-03-06 17:42:29 we don't do any complex caching or use of other wacky record types over nscd 2017-03-06 17:42:38 it's purely used as a lookup protocol for pw/grp records 2017-03-06 17:43:29 ah, so the name doesn't fit so well any more 2017-03-06 17:43:48 i hoped this would be the case 2017-03-06 17:44:44 though the really frightening stuff might not be nscd itself but the database systems behind 2017-03-06 17:45:11 but i guess people really need this feature :( 2017-03-06 17:45:56 yes, ldap user backends are common in large institutions 2017-03-06 17:45:59 i also dislike the idea that coworkers are free to login to your machine 2017-03-06 17:46:03 in general... 
2017-03-06 17:46:22 they wouldn't necessarily be 2017-03-06 17:46:32 it would be fine to have a *shared* system that everybody can log in to, but not each workstation 2017-03-06 17:46:42 you might just be using coordinated uids across all systems so that network shares can have meaningful permissions 2017-03-06 17:46:53 right 2017-03-06 17:46:59 passwd db does not grant login rights 2017-03-06 17:47:11 here for example i can just become any user because i have root perms 2017-03-06 17:47:18 so then i can access *every* network share :( 2017-03-06 17:47:27 well that's a broken setup 2017-03-06 17:47:33 yeah 2017-03-06 17:48:06 i'd rather have no pretense of security in the first place, then everybody would just not put sensitive/security-needing files in the first place 2017-03-06 17:48:13 but this way it *looks* secure, but isn't anyway. 2017-03-06 17:48:14 nfs is broken like that. samba/cifs less so 2017-03-06 17:48:35 nfs should basically just never be used. it's awful 2017-03-06 17:48:48 nfs basically makes your system including all workstations one big entity 2017-03-06 17:49:00 which means that /etc/passwd could just be served by nfs 2017-03-06 17:49:09 but they don't even do that, they pretend it's secure :( 2017-03-06 17:49:32 *more secure 2017-03-06 17:49:33 do you really want ls to parse a 100000-line passwd file once per line it prints? 2017-03-06 17:49:42 good point. 2017-03-06 17:49:47 (and even worse, do it over the network) 2017-03-06 17:50:05 small in my case here, but big corporations probably shouldn't use either nfs nor this large passwd file 2017-03-06 17:50:09 flat file does not scale beyond a few (hundred) users at most 2017-03-06 17:50:45 i've seen university setups where every staff, faculty member, and student, past or present, had a unique uid 2017-03-06 17:51:01 yeah, might be. 
networks got fast also, so perhaps it can work also in a company with 1000 entries 2017-03-06 17:51:17 but at this size you'd want more isolation anyway 2017-03-06 17:51:25 no sense in trusting everybody 2017-03-06 17:51:33 trusting everybody is not part of it 2017-03-06 17:51:38 rather, having unique ownership ids is 2017-03-06 17:51:43 (using nfs means you trust everybody) 2017-03-06 17:51:47 right 2017-03-06 17:51:50 nfs is awful 2017-03-06 17:52:15 but there are plenty of reasons for institution-wide shared user db that do not entail using nfs or letting anyone login to any machine 2017-03-06 17:52:22 and i could imagine sharing passwd via nfs if security wasn't important 2017-03-06 17:52:38 but if security isn't important individual workstations should just have individual passwd 2017-03-06 17:52:56 i think you have a serious misunderstanding 2017-03-06 17:53:03 passwd has nothing to do with access control 2017-03-06 17:53:11 s/isn't/is/ 2017-03-06 17:53:20 it maps user names to uids and info like realname, preferred shell, etc. 2017-03-06 17:53:48 well, it often comes with shadow :) 2017-03-06 17:54:04 and traditionally it had that job 2017-03-06 17:54:21 shadow does not support nscd backend in musl because there's no secure way to do it 2017-03-06 17:54:27 i just don't want to list passwd,group,shadow all the time 2017-03-06 17:54:32 you should not be using password authentication anyway 2017-03-06 17:54:40 hmm? 2017-03-06 17:54:46 i like passwords. 
2017-03-06 17:55:57 you can use a password for logging into your own laptop/workstation console 2017-03-06 17:56:12 i know some people use their ssh key's keyphrase to unlock their computers :) 2017-03-06 17:56:14 but for remote logins they're really bad in terms of security properties and don't scale well 2017-03-06 17:56:39 pubkey should really be used for remote auth 2017-03-06 17:56:41 ah no, actually i guess they use their ssh key, but they input their keyphrase to allow it's decryption 2017-03-06 17:57:11 ah, and i agree with you. 2017-03-06 17:57:16 i only have passwords locally 2017-03-06 17:57:49 when i log into something else i just use public-key stuff 2017-03-06 17:58:45 back to the ssh stuff: it's some feature so you don't need both ssh keyphrase AND a login to your user account 2017-03-06 17:58:56 some pam plugin or something 2017-03-06 17:59:05 (i'd never use it obviously, but whatever :) 2017-03-06 17:59:24 that feature was amusing to me when i heard it 2017-03-06 18:05:14 another interesting sshkey+pam hack is requiring an authorized ssh-agent for remote sudo in addition to a password. 2017-03-06 18:07:34 This is interesting because you can use ssh-CA pubkeys in the system authorized_principals file and put lifetimes on ssh keys via certificates. 2017-03-06 18:12:39 hehe 2017-03-06 18:12:46 hackhackhackhack 2017-03-06 18:12:57 in the end all of this still scares me 2017-03-06 18:13:37 if there is no db that speaks a sane protocol there shouldn't be any support for such db imo :P 2017-03-06 18:13:54 but i'm late to the party, i found now an old thread from 2012 talking about this 2017-03-06 19:13:07 Hi, Help needed. hhvm-help, I'm very close to compiling HHVM on alpine linux (Edge). It fails when trying to compile webscalesqlclient due to a missing dependency libncurses5-dev. I've tried replacing it with ncurses5-libs to no success. Any hints? 2017-03-06 19:14:46 I've been on it for a week now when time permits, and I'm very close. 
It would be nice to have HHVM on Alpine. 2017-03-06 19:23:50 hi, having again problems recovering a lvm install after a bad kernel update 2017-03-06 19:24:22 so I’ve booted from a live image, mounted the lvm root, /dev, /proc and /sys and chrooted 2017-03-06 19:25:08 I tried to fix the kernel but I get the error that it cannot access /dev/sda1 (which is the /boot partition) 2017-03-06 19:25:18 I even tried to fix it without chroot 2017-03-06 19:25:42 with apk -p /mnt fix linux-grsec but I get the same error about /dev/sda1 2017-03-06 19:26:13 I’m completely lost as I was able to fix another machine without a hitch 2017-03-06 19:27:36 dcb_: Have you tried unmounting boot first? 2017-03-06 19:28:29 dcb_: ...and do you have /proc, /dev, & /sys mounted? 2017-03-06 19:28:52 if I don’t mount it it will just install everything in the /boot folder and then fail with the message that it can’t access lv_root 2017-03-06 19:29:26 yep I have mounted /proc /dev and /sys in chroot 2017-03-06 19:29:44 dcb_: What tool are you using to try to install the bootloader? 2017-03-06 19:30:05 apk fix linux-grsec 2017-03-06 19:30:14 dcb_: I'm not much on the lvm side, but I might be able to figure it out.. 2017-03-06 19:30:43 dcb_: Is that running 'update-kernel' as expected? 2017-03-06 19:30:52 it’s really odd that on an identical machine I was able to fix it straight away 2017-03-06 19:31:33 And what is the contents of /etc/mkinitfs/mkinitfs.conf? 2017-03-06 19:32:03 I'm going to take a SWAG that lvm isn't enabled in the mkinitfs features -- check the features.d directory. 2017-03-06 19:32:38 yes, it is and at some point it just says extlinux: cannot open device /dev/sda1 2017-03-06 19:33:00 I’ll go check those, brb 2017-03-06 19:33:58 dcb_: the can't open device bit is odd.. can you (g)fdisk /dev/sda and see everything as expected? 
2017-03-06 19:41:34 in chroot fdisk /dev/sda says operation not permitted 2017-03-06 19:42:08 also if I try to mount the boot while in chroot again doesn’t work 2017-03-06 19:42:34 it behaves as if I’m not root 2017-03-06 19:46:00 dcb_: I suspect grsec is the culprit there. 2017-03-06 19:46:31 dcb_: I'm sure there's a way of allowing it, but I can't say I know it off the top of my head. 2017-03-06 19:47:49 should I try with a vanilla live? 2017-03-06 20:00:57 dcb_: That might be an option, or just turn off grsec from the kernel command line. 2017-03-06 20:01:47 dcb_: I'm sure the 'right' way includes toggling things in securityfs or some such. I haven't had to worry about that particular issue yet :) 2017-03-06 20:20:59 yep, that did it. finally it’s fixed with vanilla live 2017-03-06 20:23:46 hi everyone! I'm looking to use alpine on rpi zero, is there any way to enable ssh to be able to install remotely? 2017-03-06 20:25:07 dcb_ : Good deal! 2017-03-06 20:26:02 ganlub: I'm working on the image building system right now actually, with autogenerated ssh keys :) 2017-03-06 20:27:11 TemptorSent: sounds good! so at the moment I'll need keyboard/screen access right? 2017-03-06 20:28:51 ganlub: Once I actually have it working, you should be able to build an image and go -- but it's still a little ways off. 2017-03-06 20:31:09 TemptorSent: then I wish you good luck with that ;) I'm also new with all of this, I only used alpine with docker stuff 2017-03-06 20:31:47 ganlub : Tree here -- currently broken at random as major revisions get done: https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage. 2017-03-06 20:32:13 ganlub: Part of the reason for the rewrite is to make generation of custom VM images easy. 2017-03-06 20:34:01 ganlub: I'm currently working on debugging / extending bootloader support. 2017-03-06 20:35:36 TemptorSent: it's a bit out of my scope.. 
I wish I could help 2017-03-06 20:36:39 ganlub: No worries -- I need testers on various archs to let me know what works and what doesn't once it stabilizes a bit. 2017-03-06 20:36:57 TemptorSent: I was just about to follow https://wiki.alpinelinux.org/wiki/Raspberry_Pi but then I realized that I'd need to enable ssh bc I don't have minihdmi to hdmi adapter for the rpi zero w 🤕 2017-03-06 20:37:09 TemptorSent: sure thing!!! 2017-03-06 20:53:53 dcb_: this is a better solution than plain vanilla kernel: echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_chmod 2017-03-06 20:54:50 noted. thanks! 2017-03-06 20:55:40 there's also other chroot settings in that directory, also for mknod and other stuff that might be useful during install/adding pkgs 2017-03-06 20:55:54 don't forget to enable the settings after you're done 2017-03-06 21:12:38 BitL0G1c1: I have no "bin" in /usr/share/java/elasticsearch , I only have "lib" and "modules" 2017-03-06 21:12:53 The only thing I do is: 2017-03-06 21:12:58 docker --rm -it run alpine sh 2017-03-06 21:13:04 apk update && apk add elasticsearch 2017-03-06 22:13:56 Hello. :) I was wondering why ifup and ifdown commands need a TTY for being used… Does someone here have the answer? 2017-03-06 22:16:08 Spydemon: They should be able to run lights-out from a script -- what're you running into? 2017-03-06 22:18:46 TemptorSent, I'm just trying to launch a `ifup eth0` inside a LXC container. But you're right: it should be able to be executed from a script because OpenRC init script did so. 2017-03-06 22:19:09 But according to strace, I hit a ENOTTY when I try to launch the command manually. :( 2017-03-06 22:20:10 Spydemon: Odd.. did you try redirecting to /dev/null? 2017-03-06 22:21:35 Spydemon : Are there any environment variables set/unset that could be confusing it? 2017-03-06 22:24:51 ¨μ 2017-03-06 22:37:51 TemptorSent, it seems that you were right: I figured out that my environment variables were (obviously…) the same as on the host. 
Unsetting SSH_TTY seems to solve the issue. 2017-03-06 22:38:39 Well… I still hit a ENOTTY but the write in /var/run/ifstate occurs now. 2017-03-06 22:40:41 Spydemon: Odd, did you try redirecting stdin/stdout/stderr to /dev/null? 2017-03-06 22:41:11 Spydemon: Often that will trigger code that disables TTY processing. 2017-03-06 22:46:18 TemptorSent, no, it doesn't change anything in my case to redirect the output. 2017-03-06 22:46:47 The variable to unset is actually SHELL, not SSH_TTY. 2017-03-06 22:47:48 Spydemon: Is TERM set by chance? 2017-03-06 22:50:55 Spydemon: Can you give me the command line you're using for it? 2017-03-06 22:52:10 TemptorSent, yes, TERM='xterm-256color' 2017-03-06 22:52:22 What command line do you want? 2017-03-06 22:52:37 I'm just typing `ifup eth0` in ash. 2017-03-06 22:53:04 (or `ifup eth0 > /dev/null`, `strace ifup eth0`) 2017-03-06 22:53:08 try echo -n | ifup eth0 2017-03-06 22:53:56 echo -n | ifup eth0 2>&1 > /dev/null 2017-03-06 22:55:17 ifup eth0 TemptorSent, none of your options work if I keep the SHELL variable set. 2017-03-06 22:56:04 Spydemon: Odd.. that's bad behavior. 2017-03-06 22:56:56 Shiz : good point :) 2017-03-06 22:58:03 Yes… It's surprising that I seem to be the only one that experiences this trouble. 2017-03-06 22:58:15 Shiz, your option also doesn't work. ^^" 2017-03-06 23:00:49 Try this: '(unset TERM; unset SHELL ; ifup eth0 < /dev/null)' 2017-03-06 23:01:40 This works. 2017-03-06 23:02:33 Spydemon: Try this too, which is better if it works: env -i ifup eth0 2017-03-06 23:03:06 Spydemon: It depends on if anything in the environment is needed (USER perhaps?) 2017-03-06 23:03:39 Hi guys anyone has installed Alpine in this kind of devices https://ptpb.pw/IPO6 ? 2017-03-06 23:04:08 I'm interested in creating a Security gateway / firewall with it.. 2017-03-06 23:06:57 dirac1: Link is getting blocked by firewall, fingerprint HTML/Refresh.BC 2017-03-06 23:06:59 TemptorSent, yes `env -i /sbin/ifup eth0` also works. 
2017-03-06 23:07:30 Spydemon: You might just run the whole script with that if you can get away with it. 2017-03-06 23:08:40 TemptorSent, yes I can. I was just wondering why this strange behavior is present. :-/ 2017-03-06 23:08:47 I'll paste the full link 2017-03-06 23:09:05 https://www.aliexpress.com/store/product/QOTOM-Dual-LAN-Mini-Computer-with-Bay-Trail-J1800-J1900-Processor-onboard-Fanless-mini-industrial-PC/108231_32694016045.html?spm=2114.12010612.0.0.QoyheS 2017-03-06 23:09:46 OpenRC manages it fine, so it is ok for automation. We just need to think about it when debugging… ^^" 2017-03-06 23:09:59 Thanks for your help, TemptorSent! 2017-03-06 23:10:01 dirac1: Ahh, gotcha (even without trying to type that) 2017-03-06 23:10:27 Spydemon: No problem... I'm having fun trying to debug shellscripts interactively by sourcing them in. 2017-03-06 23:11:10 dirac1: Come up with a set of packages and config needs and we'll see what I can do :) 2017-03-06 23:12:51 When you refer to packages.. you mean like iproute, iptables? alpinewall..? 2017-03-06 23:18:22 dirac1: Yes. I'm working on a rather more flexible image builder, so if you can come up with a set of features and packages needed for each, I think it would be fairly straightforward. 2017-03-06 23:19:54 eifjccfvcitjjdcllbebrrtbvifrthlknnuejrrkvehh 2017-03-06 23:20:51 Well my main interest with this is create a cheap/low consume/3rdWorldSolution , Access Security Router... main features: Static Routing,Vlan Routing,Firewall,Vpn,DDNS and the basic stuffs dhcp,NAT 2017-03-06 23:21:15 (This will be my Pre-grade thesis) 2017-03-06 23:22:18 I'll have to create a HTML, GUI... and test capabilities on SOHOs and middle class industries 2017-03-06 23:24:30 dirac1: I believe some of that work may already exist, so you don't need to entirely reinvent the wheel. 2017-03-06 23:25:14 Yup... Pfsense,Sophos.. 2017-03-06 23:26:50 Those are big companies who offer the firewall OS services. 
2017-03-06 23:27:24 dirac1: While I haven't tried it yet, the acf framework may be a place to start. 2017-03-06 23:28:19 It appears to already support VOIP applications 2017-03-06 23:28:33 acf? 2017-03-06 23:29:00 Check the alpine wiki - ACF 2017-03-06 23:29:14 Alpine Configuration Framework 2017-03-06 23:31:32 Ok ok i can create the GUI design using ACF? 2017-03-06 23:35:24 dirac1: That's what it looks like to me :) I'll have to dig into that after I get done playing with the low level code. 2017-03-06 23:36:34 It might take a bit of work, but I could see integrating it with the image building setup and features directly. 2017-03-06 23:37:46 You might want to check with the devs on the status of the project, the wiki is horribly out of date. 2017-03-06 23:39:02 The ACF project? 2017-03-06 23:40:09 Yeah, what's in the tree may be rather different than what the wiki documented. 2017-03-06 23:41:04 For instance, you really don't want to use the wiki's info on generating .isos ...that's how I got started on my project in the first place :) 2017-03-06 23:45:05 Ok ok :D 2017-03-07 00:23:52 hi guys, I try to make a cgi script working on a virtual alpine linux system. For now I have lighttp work, I can see my html stub but when I try to play the script my ffox download the script instead. 2017-03-07 00:24:31 I'm very new in web dev, I don't really know how to maka cgi work on my virtual system 2017-03-07 00:25:04 hey "maka" rena... 2017-03-07 03:19:05 Hi guys, I run into a problem where sysctl variables I set in sysctl.d/*.conf are not being set 2017-03-07 03:19:29 I need to run sysctl -p and then they get applied. My understanding was that sysctl runs on boot and should pick up these changes 2017-03-07 07:45:46 How do I get wlan0 in pi 3? 2017-03-07 08:23:04 I wonder if it might be an issue with the elasticsearch package. Can someone please try to install it with apk and see if it works for them? Or maybe it is the docker image I'm using that have an issue? 
2017-03-07 10:49:46 hi everyone! i just bottend into alpinelinux on a rpi and I'm getting all the time `can't open /dev/ttySO: No such file or directory` any idea? 2017-03-07 10:50:13 i can login, but I keep getting those all the time 2017-03-07 10:50:32 bottend = boot* 2017-03-07 10:53:31 I switched to tty2 and it stopped 2017-03-07 11:02:15 so it's probably enabled in inittab. do you use serial connection to your rpi? 2017-03-07 11:04:53 what I mean is, you either have to do what's necessary to truly enable it or you have to disable it. the latter is just commenting out a line in inittab, the former is, well, possibly as simple as checking you've got the stuff set up that enables it (correct modules loaded and correct mdev/udev rules exist) 2017-03-07 11:39:49 TBB: no serial connection at the moment, then I'll try with disabling it 2017-03-07 12:33:28 Is there some workflow defined how to get packages with debug symbols? 2017-03-07 12:42:53 if you're lucky then `apk add -dbg` should do the trick. otherwise you might have to add '-dbg' to the apkbuild file and rebuild 2017-03-07 12:55:35 yGweSm1OzVHe: $pkgname-dbg <- it seems a feature of abuild but not documented. :( seems I'm gonna have to fiddle with the APKBUILD of libuv 2017-03-07 12:58:04 add that to the subpackages, and do an `abuild -r` 2017-03-07 13:01:17 ok not bad 2017-03-07 13:01:21 $> file ./usr/lib/debug/usr/lib/libuv.so.1.0.0.debug 2017-03-07 13:01:24 ./usr/lib/debug/usr/lib/libuv.so.1.0.0.debug: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped 2017-03-07 13:17:49 Ganwell: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html 2017-03-07 13:22:23 yGweSm1OzVHe: thanks! (#4 0x00007ffff7b67f3e in uv__io_poll (loop=loop@entry=0x7ffff7fdf6e0, timeout=-1) at src/unix/linux-core.c) 2017-03-07 13:23:04 yw 2017-03-07 14:00:55 Is it possible to message an apk package maintainer somehow? 
2017-03-07 14:11:00 lilleman: email, the addresses are on the top of the package. 2017-03-07 15:44:07 hi people 2017-03-07 15:44:16 hey GK___1wm____SU 2017-03-07 15:44:18 i irs freak 2017-03-07 15:44:25 and now 2017-03-07 15:44:31 i spam yor ass 2017-03-07 15:44:36 -________-- 2017-03-07 15:44:43 d 2017-03-07 15:45:21 ok i gou new sam chanels 2017-03-07 15:45:25 bibi 2017-03-07 15:45:28 bibi)) 2017-03-07 15:49:06 what the hecl 2017-03-07 15:49:09 s/l/k 2017-03-07 15:50:17 just missed all the fun 2017-03-07 15:50:20 <_ikke_> heh 2017-03-07 15:51:25 yesterday was Allah day in a few other channels im in. 2017-03-07 15:51:52 <_ikke_> Ah, that one 2017-03-07 15:55:01 clandmeter: i wonder when those bots are going to raise the akbar in terms of their skills 2017-03-07 15:55:24 <_ikke_> d'oh 2017-03-07 15:57:36 I wonder if we should read his text from right to left. 2017-03-07 15:57:50 "people hi" 2017-03-07 15:58:04 "chanels sam new gou i ok" 2017-03-07 15:58:23 unless you meant 2017-03-07 15:58:29 "))ibib" 2017-03-07 16:00:03 ((idid, actually 2017-03-07 16:06:00 <^7heo> bibidid yourself. 2017-03-07 16:07:09 <^7heo> pepodad 2017-03-07 16:07:22 <^7heo> (that works well with a 180° rotation) 2017-03-07 16:16:36 urgh, someone should've told me today is my "stay off Alpine" day 2017-03-07 16:16:58 no matter what Alpine install I touch it breaks :P 2017-03-07 17:00:15 TBB: what kind of breaking? 2017-03-07 17:18:13 simple PEBKAC issues mostly :) 2017-03-07 17:18:44 there's another name for this day too, it's called Documentation Day a.k.a stay-the-hell-off-coding day 2017-03-07 17:19:29 just killed a complex setup by apk upgrade / apk downgrade, for example; that wasn't fun 2017-03-07 18:57:22 any reason I can't do "apk add beanstalkd" using the alpine linux base image for docker ? 
2017-03-07 18:57:46 ERROR: unsatisfiable constraints: beanstalkd (missing): required by: world[beanstalkd] 2017-03-07 19:04:27 you're doing something wrong 2017-03-07 19:04:47 check your repository config for starters and then run apk update, at least 2017-03-07 19:05:06 I mean, I've got a fresh install in my hands right now and it installs without problems 2017-03-07 19:06:08 anyone knows if hostapd is in the apk repos? seems not :/ 2017-03-07 19:06:40 yes it is, latest-stable/main and edge/main 2017-03-07 19:07:24 oh 2017-03-07 19:07:33 i just dd'ed from iso to disk ;) 2017-03-07 19:07:41 a lot is still unconfigured, repos among that 2017-03-07 19:07:44 sorry for the noise 2017-03-07 19:08:06 first time with alpine (loving it so far) 2017-03-07 20:22:57 hi all! I'd like to install alpine linux on a zfs root 2017-03-07 20:26:39 can anyone tell me how to get zfs running on the alpine linux cdrom image? I already installed the zfs package, but I'm still missing the kernel module 2017-03-07 20:49:15 coin3d: Working on it :) 2017-03-07 20:50:29 coin3d : You can do it manually by fscking with the modloop mount, but I'm just about to the point of having zfs baked in images able to build. 2017-03-07 21:15:26 is there any documentation on how alpine is using s6? I'm trying to get a service for dockerd up, but the RC_SVCDIR doesn't seem to be getting scanned properly? 2017-03-07 21:16:15 it doesn't seem to use services in a way consistent with daemontools and descendants 2017-03-07 21:20:41 okay, i think i see the method to the madness 2017-03-07 21:23:19 alpine uses openrc, no? 2017-03-07 21:23:24 right 2017-03-07 21:23:24 not s6 2017-03-07 21:23:28 openrc 2017-03-07 21:23:39 alpine has a package for s6 2017-03-07 21:23:54 but it stuffs s6's service directory under openrc's /run/openrc schema 2017-03-07 21:24:21 TemptorSent: good to hear! 
:) 2017-03-07 21:42:08 coin3d : Feel free to alpha test and help me break it :) 2017-03-07 21:42:59 coin3d: Current tree: https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage/ 2017-03-07 22:09:31 ekarlso: `apk add -U beanstalkd` 2017-03-07 23:15:21 coin3d: mv /lib/modules /lib/modules_; cp -r /.modloop/modules /lib; apk add zfs-grsec; modprobe zfs 2017-03-08 13:30:09 has anyone else noticed Alpine's Truecrypt to have problems in commandline use? 2017-03-08 13:31:09 it seems to be unable to flush its own prompts to stdout properly, so you see them only after pressing enter to finish your input 2017-03-08 13:35:21 TBB, i fixed that for ecryptfs, sounds like truecrypt has similar fflush() calls missing 2017-03-08 13:35:32 i've been using truecrypt via GUI only 2017-03-08 13:35:43 TBB, is there a bug about it? 2017-03-08 13:36:22 more glibc assumptions? 2017-03-08 13:36:35 yeah, sounds like that. 2017-03-08 13:38:17 fabled, not yet; I've got a couple of other bugs as well that I should report, it's just that I'm currently about 200% utilized in my work project 2017-03-08 13:39:14 TBB, ok. if it's generic alpine issue, please file a bug report. 2017-03-08 13:39:59 sure. I'm even a bit ashamed of how well my grand vision for being a contributor has turned out; too busy, most of the time, to file bug reports and contribute packages :/ 2017-03-08 13:44:33 another question... glad to see MATE in the repos. I just don't seem to get logged in very quickly, there's a 20-30 second delay before the desktop is fully usable. and its screensaver doesn't lock; works otherwise, but won't lock 2017-03-08 13:44:54 well, there's no question other than OMG WHAT SHOULD I DO NOW?!?! 2017-03-08 14:13:15 TBB: use strace to find out what is causing the 20-30s delay 2017-03-08 14:13:21 go! 
2017-03-08 14:13:56 strace, what a wonderful tool 2017-03-08 14:21:42 scv: also try perf-tools 2017-03-08 14:21:56 theres some little toys like execsnoop 2017-03-08 14:22:23 they are quite helpful sometimes in multiprocess problems 2017-03-08 14:23:03 cause sometimes strace doesnt show you delay caused by other programs other than the one you're analyzing 2017-03-08 14:23:25 if its not forked from it directly it gets really hard 2017-03-08 14:24:00 all this asynchronous complex freedesktop stuff for example ;) 2017-03-08 14:25:02 but, normally i have to use many such tools at once to pinpoint the bullshit thats happening in modern day linux desktops 2017-03-08 14:25:54 ah desktop i can imagine 2017-03-08 14:26:02 i try not to subject myself to such horrors anymore 2017-03-08 14:26:12 maybe some years ago but today? 2017-03-08 14:27:13 scv: see the original request :) 2017-03-08 14:27:19 scv: MATE :D 2017-03-08 14:28:55 scv: are you using KMS console or what? 2017-03-08 14:29:07 scv: i saw some people even use mpv on console :D 2017-03-08 14:29:56 but web browsing normally kills this option for people 2017-03-08 14:36:46 apache is segfaulting with the latest alpine docker image, which worked previously, is there a known issue? if I remove this config from my vhost, it seems okay "Protocols h2 http/1.1". With that config I get child segfaults. 
2017-03-08 14:41:21 hiro: you're gonna stab me, but i'm running windows on my desktop 2017-03-08 14:41:23 ¯\_(ツ)_/¯ 2017-03-08 14:41:27 gaming purposes 2017-03-08 14:41:59 i've been meaning to install alpine but moving off a 4 disk raid0 is difficult 2017-03-08 14:42:48 my last linux desktop machine was fedora and boy was that a shitshow 2017-03-08 14:44:03 scv: i also run windows 2017-03-08 14:44:25 scv: i log in to some alpine, debian, ubuntu, tinycorelinux boxes from cygwin 2017-03-08 14:44:40 scv: and if i'm ever forced to use an ubuntu desktop i regularly rdp into a windows box 2017-03-08 14:44:48 pretty much same, although i've ditched any systemd monstrosities at this point 2017-03-08 14:45:14 scv: why bother trying to install chrome on a minimal alpine linux installation if the whole chrome codebase is 100 times as large as the part of the OS that i use... 2017-03-08 14:45:22 my primary reason for abandoning linux desktop 2017-03-08 14:45:33 at least the userbase on windows is large enough that stupid bugs in the web browser *will* get attention from somebody with money 2017-03-08 14:45:40 other reason was previous $DAY_JOB required software that ran on windows 2017-03-08 14:46:06 my goal is to install alpine on my bare metal and virtualize windows & passthru the gpu 2017-03-08 14:46:11 I use mint for a desktop :D 2017-03-08 14:46:18 even bought ssds for it but haven't gotten around to actually doing the work yet 2017-03-08 14:47:54 on bare metal my windows 7 install on a phenom II x4 is still so blazingly fast that i will keep on using that for now 2017-03-08 14:48:20 while i don't think i'll do much with virtualization on this platform because i fear there just aren't enough features in that super old CPU 2017-03-08 14:48:24 my desktop is a xeon e5-1620v2, so i think it'll handle the virtualization ok 2017-03-08 14:48:29 less virtualization capabilities 2017-03-08 14:48:45 i used to have a phenom some years ago, outgrew it doing virtualization tasks 
2017-03-08 14:48:53 i'd like an OS that makes good use of the IO-MMU 2017-03-08 14:49:04 the other way around back then, server 2008 in vmware workstation, again for gaming :p 2017-03-08 14:49:06 scv: yeah, so as i feared :) 2017-03-08 14:49:16 it just couldn't keep up though 2017-03-08 14:49:27 funny. mine is still perfectly capable 2017-03-08 14:49:31 i'm limited by the old GPU only 2017-03-08 14:49:51 the cpu was the bottleneck for me for sure 2017-03-08 14:50:20 found the same with many AMD cores though, worked at a few VM providers in the past and had trialed some 12 core interlagos for host nodes, they couldn't keep up with 55xx series xeons 2017-03-08 14:50:25 even with fewer cores on the xeons 2017-03-08 14:50:37 more customers and still more responsive machines 2017-03-08 14:51:03 here's hoping ryzen is a change to that trend though 2017-03-08 14:52:20 yeh, it'd be nice to have AMD actually competing with Intel again 2017-03-08 14:52:27 agreed 2017-03-08 14:53:23 odc: I'll do that. I have a pretty good hunch on what causes it tho, I just don't have the time to spend confirming it for now; maybe later in the evening 2017-03-08 14:53:53 (resolver trouble, possibly ipv6 related) 2017-03-08 14:53:59 huh 2017-03-08 14:54:10 (misconfiguration, most probably) 2017-03-08 14:54:32 5 sec timeouts, that kind of stuff 2017-03-08 15:44:46 Hi, could not find any pointer to install zfs in root though it was stated that from v3.5 the installer supports. Tried with 'ROOTFS=zfs setup-alpine -m sys /mnt' didn't seem to work. Any pointers? 2017-03-08 15:46:07 what part broke? 2017-03-08 15:48:12 I even tried to load modules=zfs.ko at the boot prompt without success. Generally it fails. 2017-03-08 15:48:29 so booting? 
2017-03-08 15:50:26 the iso boots alright, just need to know how to install root in zfs 2017-03-08 16:40:50 hey everyone, I'm trying to get alpine generic arm (aarch64) working with qemu-system-aarch64 2017-03-08 16:41:01 I'm hitting a few walls 2017-03-08 16:41:11 modloop and networking being the big ones currently 2017-03-08 16:43:26 mmlb: Do you have it loading an overlay that starts the modloop init? Where's it failing? 2017-03-08 16:44:53 TemptorSent: nope I don't. I'm booting qemu-system-aarch64 with mostly just `-kernel` `-initrd` and console args 2017-03-08 16:45:43 sorry if I'm doing it wrong, tried to look on the wiki for some info and couldn't find anything, how should I add an overlay dev and have init do the right thing? 2017-03-08 16:46:25 its gonna need more than the kernel and initrd to start up the modloop 2017-03-08 16:46:27 mmlb: Don't worry about it, the docs are not so great. 2017-03-08 16:47:12 mmlb: you're using the "generic ARM" download, right? 2017-03-08 16:47:21 I'm probably not using it correctly either, I'm looking to get alpine up, install docker, build an image, save said image and then shutdown. 2017-03-08 16:47:25 Shiz: I am 2017-03-08 16:47:26 mmlb: You'll need at least a minimal overlay that takes care of starting the services needed to get networking up. 2017-03-08 16:47:49 i don't think he'll need an overlay 2017-03-08 16:47:59 sorry, they'll 2017-03-08 16:48:26 initramfs just needs to locate the modloop, and given that they're likely just passing -kernel and -initrd, isn't going to find them 2017-03-08 16:48:41 mmlb: *lol* Okay, sounds like you're like me then -- making a tool work for something it wasn't previously cut out for. 
2017-03-08 16:48:50 TemptorSent: seems that way 2017-03-08 16:49:21 mmlb: my best guess for you would be to create a qemu virtual disk image, format and partition it and extract the generic ARM rootfs to it 2017-03-08 16:49:31 Shiz: I was passing in the modloop with `-drive if=sd,file=modloop-vanilla` but nothing seemed to be trying to get it 2017-03-08 16:49:34 then pass it to qemu together with -kernel and -initrd that you previously did 2017-03-08 16:49:41 yeah, the modloop shouldn't be loaded directly as drive 2017-03-08 16:49:45 iirc 2017-03-08 16:49:57 Shiz: I couldn't find where modloop actually got handled by init - afaik it requires an overlay with the needed packages in the world file and the runlevel links. 2017-03-08 16:50:15 TemptorSent: I couldn't find anything for modloop handling either 2017-03-08 16:51:07 mmlb: I just went through debugging the startup process the past couple days, so either we're both missing something obvious, or modloop needs help starting. 2017-03-08 16:51:14 Shiz: my actual workflow is going to use packer to run qemu, do the bare minimum to get ssh running, install docker and ... 2017-03-08 16:51:22 TemptorSent: line 422 2017-03-08 16:51:31 the boot media gets mounted, which includes the modloop init script 2017-03-08 16:51:39 in its packages 2017-03-08 16:51:52 and the packages get installed to a tmpfs 2017-03-08 16:52:02 (if root= is not given, of course) 2017-03-08 16:52:44 Shiz: what is boot media you speak of? 2017-03-08 16:52:46 Shiz: Hmm, not seeing that happening for some reason. 2017-03-08 16:53:05 mmlb: the boot media is typically like the cd-rom or thumbdrive you're booting from in a traditional setup 2017-03-08 16:53:27 Shiz: does nlplug-findfs actually find and mount modloop? 
2017-03-08 16:53:38 ahh yeah thats what I thought, but aarch64 doesn't have that :( 2017-03-08 16:53:53 mmlb: that's why i suggested you extracted the contents of generic ARM to a qemu virtual disk and mounted that 2017-03-08 16:53:57 it should be able to find it that way :) 2017-03-08 16:54:02 TemptorSent: no, what happens is this 2017-03-08 16:54:13 TemptorSent: 1) it locates the boot medium through nlplug-findfs and mounts it 2017-03-08 16:54:26 2) it sees there is no root= and proceeds to setup a new alpine install in RAM from the .apks on the mounted boot medium 2017-03-08 16:54:48 3) the .apks on the boot medium include alpine-base .apks and related openrc init scripts 2017-03-08 16:55:00 4) it then chainloads into the alpine installs in RAM and runs the boot scripts, which set up the modloop 2017-03-08 16:55:18 Okay, but somewhere around line 491 is the only place I see it actually referrign to modloop. 2017-03-08 16:55:29 read what i said again 2017-03-08 16:55:37 initramfs-init doesn't consider itself with modloop 2017-03-08 16:55:51 it switches_root to the new alpine install in ram, which then runs modloop as part of regular openrc init 2017-03-08 16:55:53 And thats' supposed to setup a skeleton set of runlevels. 2017-03-08 16:56:16 yes, which is done by virtue of it installing the alpine-base .apk from the boot medium in that new install 2017-03-08 16:56:17 :) 2017-03-08 16:56:41 Right, but that has to actually be able to happen for it to proceed :) 2017-03-08 16:57:12 yes, that's why i suggested to mmlb that they have to setup a way for alpine to find the boot medium 2017-03-08 16:57:20 for example by extracting it to a qemu virtual disk and mounting that into the vm 2017-03-08 16:57:22 :) 2017-03-08 16:57:40 the 'generic arm' .tar works as a boot medium just fine 2017-03-08 16:57:48 it just has to be found by the initramfs 2017-03-08 16:58:48 I'll have to play with that... IIRC it uses an overlay to enable dhcp at boot, right? 
2017-03-08 16:59:12 no overlays are used 2017-03-08 16:59:46 Shiz: Hmm, that's based on the uboot profile, right? 2017-03-08 17:00:05 it includes uboot as bootloader, but i'm not sure if there's any uboot-specific configuration in the generic ARM image beyond that 2017-03-08 17:00:36 http://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-uboot.conf.mk 2017-03-08 17:00:38 doesn't look like it 2017-03-08 17:00:42 mmlb: still with us? :) 2017-03-08 17:01:37 Right, but the image generation itself by mkimage used apkovl="genapkovl-dhcp.sh" in mkimg.arm.sh. 2017-03-08 17:01:48 I think we lost him... 2017-03-08 17:02:51 In my mkimage rewrite, I've sorted all the various functions out so you can actually tell what's doing what why. 2017-03-08 17:03:56 But no testing on arm yet - who wants to be a test dummy? 2017-03-08 17:06:02 yeah sorry, coworker was asking some questions :D 2017-03-08 17:06:15 mmlb: No worries. 2017-03-08 17:06:46 o/ I'll be a test dummy 2017-03-08 17:07:06 mmlb: If you want to help me break it, I've done a rewrite of the mkimage code that makes it trivial to setup custom images. 
2017-03-08 17:07:12 Shiz: I don't see any 'generic arm' tar ball anywhere 2017-03-08 17:08:06 mmlb: See https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage 2017-03-08 17:08:25 mmlb: https://alpinelinux.org/downloads/ 2017-03-08 17:08:28 mmlb: I think it's on the main alpine downloads :) 2017-03-08 17:08:29 very bottom 2017-03-08 17:08:31 'Generic ARM' 2017-03-08 17:09:03 oh right, yeah thats what I downloaded and extracted to get at the kernel/initrd 2017-03-08 17:09:14 yeah 2017-03-08 17:09:24 you should extract its entirety to a qemu virtual disk and mount it 2017-03-08 17:09:25 :) 2017-03-08 17:09:38 hmm I shall try that indeed 2017-03-08 17:09:40 you can create one using qemu-img and mount it to your host system to move files to with qemu-nbd 2017-03-08 17:11:05 formatting it as ext2/3/4 should work 2017-03-08 17:11:14 cool I will try that Shiz 2017-03-08 17:11:43 TemptorSent: can I just run ./makeimage.sh on non alpine, x86_64? 2017-03-08 17:12:45 mmlb: Good question :) 2017-03-08 17:13:41 mmlb: check the --help, and don't forget to have installed host keys first, then use --hostkeys flag to mkimage or nothing will boot! 2017-03-08 17:13:52 Shiz: what do I do about boot loader? 2017-03-08 17:14:02 mmlb: you just boot with -kernel and -initrd as you did before 2017-03-08 17:14:09 you just also add the virtual disk :) 2017-03-08 17:14:36 that should enable the initramfs to find the boot medium files at runtime, locate the modloop and setup a proper install in ram and switch into it 2017-03-08 17:14:45 mmlb: extlinux is needed when it's trying to boot from hardware, but qemu is getting a pointer directly. 2017-03-08 17:15:24 oic, so just to make sure I don't miss anything: extract all of generic-arm.tar to a virtual disk, qemu -kernel -initrd -append $(same args as extlinux.conf) -drive if=sd,$vdiskfile? 
2017-03-08 17:15:27 extlinux doesn't really do much on bare-metal arm 2017-03-08 17:15:37 mmlb: i believe that should work, yes 2017-03-08 17:15:47 cool will try that 2017-03-08 17:15:51 Shiz: not extlinux itself, sorry, extlinux.conf 2017-03-08 17:16:00 not sure if it supports sd though 2017-03-08 17:16:12 That's what uboot appears to pick up its boot config from. 2017-03-08 17:16:17 TemptorSent: I'll be trying your mkimages.sh anyway since that may come in handy for something else here 2017-03-08 17:17:01 Shiz: yeah I don't think so either, thoughts on what it should be? 2017-03-08 17:17:05 mmlb: Yeah, the intent is to make custom images about as easy as a docker image would be, and have them fully operational with no further config. 2017-03-08 17:17:16 :heart_cat_eyes: 2017-03-08 17:18:57 mmlb: I have it booting happily in qemu on x86_64 now, bringing up zfs, starting sshd, starting dhcp, and starting postgres. 2017-03-08 17:19:00 mmlb: you can try with sd and see if it works :) 2017-03-08 17:19:14 looking up other options right now 2017-03-08 17:19:33 Shiz: I'll try but I don't think it'll work since sd isn't built in, or in the initram 2017-03-08 17:19:39 mmlb: if sd doesn't work, you can try scsi 2017-03-08 17:19:48 mmlb: sd isn't but mmc is :) 2017-03-08 17:19:51 so it may still work 2017-03-08 17:21:29 Depending on the configuration, the sd may look like a USB interface, scsi blk, mmc, or sd specific. 2017-03-08 17:22:20 I'm currently running this dev box off a micro-sd sitting in a usb reader :) 2017-03-08 17:24:43 Many of the embedded arm devices hang a controller off an internal USB hub. 2017-03-08 17:25:41 The REALLY fun ones hang them directly off an SPI interface with none of the extra signal lines and you get to basically bit-bang out page changes. 2017-03-08 17:29:42 omg I just realized I was using sd, instead of scsi (for sata)! 
2017-03-08 17:30:27 mmlb: That could be problematic :)
2017-03-08 17:31:14 yeah
2017-03-08 17:31:56 ACTION shakes fist
2017-03-08 17:59:24 mmlb: any issues?
2017-03-08 18:01:38 Shiz: Yup. So I got the vdisk setup, 1 ext4 partition, seems the disk is not being found
2017-03-08 18:01:47 I'm running sudo qemu-system-aarch64 -machine virt -cpu cortex-a57 -m 2048 -nographic -kernel vmlinuz -initrd initramfs-vanilla-with-modloop -append 'console=ttyAMA0,115200 ip=dhcp debug_init=yes' -netdev tap,id=net0,br=hv -device virtio-net,netdev=net0
2017-03-08 18:01:49 -hda sdd.img
2017-03-08 18:02:31 what's initramfs-vanilla-with-modloop?
2017-03-08 18:03:17 oh, I stuffed the modloop file into the initramfs as `/modloop`, no other changes
2017-03-08 18:03:55 same deal with normal initramfs-vanilla
2017-03-08 18:04:51 what's sdd.img look like?
2017-03-08 18:04:56 as in, how did you set it up
2017-03-08 18:06:23 truncates -s10G sdd.img; losetup -f sdd.img; fdisk /dev/loop0 (gpt, 1 partition all space), mkfs.ext4 /dev/loop0p1, mount, rsync -havP extracted-generic-arm/ /mnt; umount; losetup -D
2017-03-08 18:06:49 try this
2017-03-08 18:07:58 qemu-img create -f qcow2 hda.img 10G; modprobe nbd max_part=8; qemu-nbd --connect=/dev/nbd0 hda.img; mkfs.ext4 /dev/nbd0;
2017-03-08 18:08:07 then mount rsync etc and qemu-nbd --disconnect=/dev/nbd0
2017-03-08 18:08:37 1s
2017-03-08 18:08:40 and then -drive if=scsi,file=hda.img,format=qcow2
2017-03-08 18:10:00 one issue is that the stock alpine armhf kernel config doesn't support GPT i think
2017-03-08 18:10:04 armhf/aarch64
2017-03-08 18:11:14 unsure though
2017-03-08 18:12:30 hmm well I have no way to check that out since I dont even get a '/dev/sda' at all (about to try your image now)
2017-03-08 18:13:32 hmm
2017-03-08 18:13:37 it might not be called sda
2017-03-08 18:17:17 Shiz: nope doesn't look like the mods are loaded, I've got a bunch of ramN, ttyN nothing /dev/sda, hda, scsi...
2017-03-08 18:25:55 hmm
2017-03-08 18:26:07 anything in dmesg?
2017-03-08 18:26:37 not that I can tell
2017-03-08 19:03:22 TemptorSent: how do you get the overlay seen in qemu?
2017-03-08 19:38:33 mmlb: You'll have to make sure the initfs gets built with the modules you need.
2017-03-08 19:38:56 Once it can get that far, the overlay will have the rest of the startup.
2017-03-08 19:39:52 If you have to, make a cpio archive with the files you need in their directory structure and add it as an additional initrd.
2017-03-08 19:42:08 ahh you're using your custom initrd, makes sense. Yeah I might try cpio for the extra initrd
2017-03-08 19:42:20 I may just go with a custom image though
2017-03-08 19:42:23 2 birds 1 stone
2017-03-08 19:46:07 update-kernel uses mkinitfs, so the settings /etc/mkinitfs/mkinitfs.conf determine the contents of the initrd.
2017-03-08 19:46:26 Make sure the features you need are enabled and you should be good.
2017-03-08 19:58:27 Could not find any documents on installing alpinelinux's root in zfs (which reportedly is possible since version 3.5 (https://www.alpinelinux.org/posts/Alpine-3.5.0-released.html). Can anyone elaborate or point to any document? Already tried with ROOTFS=zfs setup-alpine -m sys /mnt, but got installed into ext4. Even trying to load modules=zfs.ko and zfs didn't go through.
2017-03-08 20:43:58 thanks TemptorSent
2017-03-08 20:50:15 :woop: *finally*. I don't know why I didn't think to do this earlier :/. I extracted modloop into initram, repacked and booted that.
2017-03-08 20:51:21 looks like aarch64 images are biased for "Cute Embedded Nonsense Hacks". It would be nice to have virtio_blk in it too.
2017-03-08 21:03:09 mmlb: what do you mean by "Cute Embedded Nonsense Hacks"
2017-03-08 21:03:35 I occasionally do some embedded stuff, and trying to learn about doing things the proper way or non-hacky way
2017-03-08 21:09:22 mmlb: the latter should be easy
2017-03-08 21:09:32 http://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-uboot.conf.mk
2017-03-08 21:09:39 poke someone to add "virtio" to INITFS_FEATURES
2017-03-08 21:09:40 :p
2017-03-08 21:09:58 know anyone I should poke?
2017-03-08 21:10:40 best option is fabled or ncopa
2017-03-08 21:10:56 systmkor: The aarch64 file I downloaded is missing some things that would be useful in virtualized environments (like virtio-blk, virtio-net)
2017-03-08 21:11:30 and also using u-boot and dts, which is not how things are being done in aarch64-server space (UEFI + standard bootloaders)
2017-03-08 21:11:41 so looks like current alpine builds are for embedded devices
2017-03-08 21:27:36 TemptorSent: I'm running mkimage in a docker alpine container, I have a user named builder with group abuild and sudoers file has `builder ALL=(ALL) ALL`, mkimage is failing with `>>> WARNING: mkimage.sh:x86_64:extended:build apk repo:x86_64: Building 'apks' failed!`
2017-03-08 21:41:49 Greetings, I'm trying to do some testing with Alpine in VMware Fusion. I'm booting the alpine-virt ISO, but I don't seem to have any network interfaces other than lo. I do have an interface device in the vmware config.
2017-03-08 21:42:00 I feel like I'm missing something that should be obvious.
2017-03-08 21:42:21 bahamat: what NIC is it set to emulate?
2017-03-08 21:43:38 Shiz: Unfortunately the vmware interface doesn't show me...I think it's e1000 though.
2017-03-08 21:44:09 hmm
2017-03-08 21:44:21 does # lsmod show e1000?
2017-03-08 21:45:06 I did modprobe e1000 manually, and it is there.
2017-03-08 21:45:22 but neither ifconfig nor ip link list it.
2017-03-08 21:45:32 anything in dmesg about e1000 finding a device?
2017-03-08 21:45:40 it might not be an e1000 if it can't p
2017-03-08 21:45:41 :p
2017-03-08 21:46:34 Just that the driver loaded.
2017-03-08 21:46:39 @ncopa or @clandmeter how can one install root in zfs from bootable iso? Tried with even extended iso in vain. Just stuck like this forum thread: https://forum.alpinelinux.org/forum/installation/boot-zfs-root
2017-03-08 21:46:58 bahamat: what about # modprobe vmxnet3
2017-03-08 21:47:04 I tried vmxnet3 as well, same thing.
2017-03-08 21:47:54 bahamat: what does ethernet0.virtualDev in your .vmx file say?
2017-03-08 21:49:18 That line isn't present
2017-03-08 21:49:32 that would indicate you don't have an active network device configured
2017-03-08 21:49:41 if there are no other lines that start with ethernet0 either
2017-03-08 21:49:44 ethernet0.present = "TRUE"
2017-03-08 21:49:46 And others
2017-03-08 21:49:53 Just not virtualDev
2017-03-08 21:49:56 ah
2017-03-08 21:50:07 try closing vmware, and adding ethernet0.virtualDev = "e1000"
2017-03-08 21:50:15 then booting the machine again
2017-03-08 21:50:44 OK, my other instances do have virtualDev="e1000"
2017-03-08 21:51:36 the virt alpine image only supports E1000 and VMXNET3 drivers (and virtio-net and a few others)
2017-03-08 21:51:47 so if your vmware tries to emulate vmxnet, vmxnet2 or some other device it wouldn't work
2017-03-08 21:51:57 Yep, that was it.
2017-03-08 21:52:02 No idea what it was emulating before
2017-03-08 21:52:11 likely vmxnet or vmxnet2
2017-03-08 21:52:18 Well, sorry to bust in here with what was essentially a vmware question :-/
2017-03-08 21:52:23 no problem lol
2017-03-08 21:52:41 It's lame that fusion doesn't even show me the device type, or allow me to change it.
2017-03-08 21:53:10 interestingly i never had issues with alpine in fusion, but i didn't use the virt image
2017-03-08 21:53:18 maybe it was because i used an older version of fusion, though
2017-03-08 21:53:34 I've got 8.5.3
2017-03-08 21:53:49 But, whatever.
It's working now.
2017-03-08 21:54:09 until recently i was on 6 or 7, i think
2017-03-08 21:54:13 i haven't tried since upgrading
2017-03-08 21:54:42 ah, my .vmx does say >ethernet0.virtualDev = "e1000"
2017-03-08 21:54:49 so it was probably because I was using an older version of fusion
2017-03-08 21:56:02 Yeah, I think that's it. These other instances were originally created with older versions
2017-03-08 21:56:40 that's somewhat problematic though, that for a stock user Alpine won't run on a standard Fusion setup...
2017-03-08 21:56:49 Yeah.
2017-03-08 21:57:46 what "base" did you choose?
2017-03-08 21:58:13 e.g. my selection for alpine is "Other Linux 3.x kernel 64-bit"
2017-03-08 21:58:37 That's what I chose
2017-03-08 21:59:08 Being booted from the CD, can I install packages without having to do the full alpine-setup?
2017-03-08 21:59:14 sure
2017-03-08 21:59:21 it will only retain in the live environment though, for obvious reasons
2017-03-08 21:59:23 :P
2017-03-08 21:59:58 you might want to run setup-apkrepos first
2017-03-08 22:00:11 to change the repositories file to point to an online mirror
2017-03-08 22:00:17 instead of the limited cache on the livecd
2017-03-08 22:03:17 I've only ever used alpine in clouds before, so doing it in fusion manually is a new experience for me :-)
2017-03-08 22:06:19 Hi everybody. This is my very first time in this channel. I have been using alpinelinux to build docker images just from a few weeks ago. I think this distro is awesome because of its minimalism.
2017-03-08 22:08:12 :)
2017-03-08 22:16:57 PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0018(Transmitter ID)
2017-03-08 22:17:05 I have this dmesg error
2017-03-08 22:17:24 how can i determine what hardware is causing the problem
2017-03-08 22:19:25 mystified1234: "type=Data Link Layer" indicates network interface to me.
2017-03-08 22:21:36 thx
2017-03-08 22:22:44 command not found
2017-03-08 22:24:10 Shiz: Ok, I've got my test case successfully executed. Thanks for your help!
2017-03-08 22:25:21 mystified1234: he wasn't giving you a command, but quoting from your message
2017-03-08 22:25:36 typically, it would show the device in the next line of dmesg
2017-03-08 22:25:48 at device [xxxx:yyyy] ...
2017-03-08 22:25:49 tx
2017-03-08 22:26:01 compare that xxxx:yyyy to the IDs in lspci -vv
2017-03-08 22:26:02 to find the device
2017-03-08 22:44:01 Ok, I've definitely found a bug.
2017-03-08 22:44:35 But, I think it may be a musl bug, not really alpine.
2017-03-08 22:45:34 If you use Google DNS (8.8.8.8) and try to resolve a name that needs to upgrade to EDNS, name resolution fails.
2017-03-08 22:46:05 Could someone independently verify this with me?
2017-03-08 22:46:57 "upgrade to EDNS" ?
2017-03-08 22:47:57 DNS replies have a maximum size and may not be fragmented. If a reply is too large to fit in the DNS reply it's retried with EDNS over TCP
2017-03-08 22:49:28 there's no stub-relevant query that can't fit in normal dns
2017-03-08 22:50:00 if you're doing dnssec (main application) you need a local dns on 127.0.0.1
2017-03-08 22:50:50 stub does not (and should not) verify signatures; instead it needs to trust a local dns that can do the signature verification
2017-03-08 22:51:16 in short, it's working as designed, not a bug
2017-03-08 22:51:48 im not sure i agree
2017-03-08 22:51:58 there's cases to be thought where a DNS reply can exceed udp size
2017-03-08 22:52:03 (agree on the dnssec part, though)
2017-03-08 22:52:40 I absolutely know that's the case.
2017-03-08 22:52:52 it's a bug for applications to rely on those because in many/most instances you can't perform such lookups
2017-03-08 22:53:27 and the only way it can happen is with near-max-length CNAME pointing to a near-max-length other name that doesn't compress well with the CNAME
2017-03-08 22:53:44 because in many/most instances you can't perform such lookups <-- why?
2017-03-08 22:53:57 dalias: It's a bug for the resolver to return 'bad address' when there's a valid record.
2017-03-08 22:53:58 because most sites don't have tcp dns available
2017-03-08 22:54:03 that's a bug in the site then
2017-03-08 22:54:13 tcp dns is not for stub resolver use
2017-03-08 22:54:18 my site happens to have it available just fine
2017-03-08 22:54:29 it's for zone transfers, etc.
2017-03-08 22:54:30 If a site is serving records that are too large and also doesn't support edns, then yeah, that's their problem.
2017-03-08 22:54:36 i mean the client site
2017-03-08 22:54:40 not the server site
2017-03-08 22:54:46 i mean
2017-03-08 22:54:48 Well it works with glibc.
2017-03-08 22:54:52 my client site happens to have it available just fine
2017-03-08 22:54:53 It works with FreeBSD.
2017-03-08 22:55:07 It works with musl when the resolver is not Google.
2017-03-08 22:55:17 musl never does tcp
2017-03-08 22:55:21 It's just musl and 8.8.8.8
2017-03-08 22:55:39 can you determine why it happens with 8.8.8.8?
2017-03-08 22:55:57 I can tcpdump it
2017-03-08 22:56:01 even if they append bogus extra records, musl should accept truncated replies just fine
2017-03-08 22:56:14 But I wanted to make sure someone else could verify the behavior I'm seeing.
2017-03-08 22:56:26 is it a domain i can try the lookup on?
2017-03-08 22:57:02 btw treating a domain that can't resolve because of technical issue like this as nxdomain rather than an error is probably wrong if that's happening
2017-03-08 22:57:15 bigname.zonena.me
2017-03-08 22:58:33 dig works fine.
ping will exhibit the error if /etc/resolv.conf uses 8.8.8.8 as the first nameserver.
2017-03-08 23:01:40 not sure what to make of it. 8.8.8.8 is returning a bogus (empty) response
2017-03-08 23:02:48 Did you tcpdump it yet? That's my next step.
2017-03-08 23:02:59 yeah, nothing interesting. it looks empty
2017-03-08 23:03:12 Hmm.
2017-03-08 23:04:08 if we could distinguish this bogus response from a valid negative result we could ignore it
2017-03-08 23:04:16 and then if you have other nameservers they'd succeed
2017-03-08 23:05:29 all the wiki entries for Xorg setup reference Xorg -configure as an option, when that would never work because of musl
2017-03-08 23:05:31 w0w
2017-03-08 23:07:36 ?
2017-03-08 23:20:09 bahamat, have you looked at the dump? any idea why it looks like an empty reply?
2017-03-08 23:20:23 dalias: I haven't yet.
2017-03-08 23:20:43 I was spinning up some instances with different libc implementations to compare
2017-03-08 23:21:16 i would compare the tcpdump too
2017-03-08 23:21:31 Yeah.
2017-03-08 23:21:39 just in case there's a difference in the query that leads to a difference in the reply
2017-03-08 23:23:51 So, I've tried glibc, FreeBSD, illumos, Darwin. Musl is definitely the outlier.
2017-03-08 23:25:08 that doesn't tell anything about why it's happening
2017-03-08 23:25:22 can you even tell if the others successfully look it up with 8.8.8.8?
2017-03-08 23:25:38 or if they perhaps just ignore the empty response and get the result from another fallback ns
2017-03-08 23:26:19 Yes, all of the others successfully look it up against 8.8.8.8
2017-03-08 23:26:35 I'm getting ready to tcpdump on each of them to provide as comparisons.
2017-03-08 23:26:46 dalias: quick off-question
2017-03-08 23:26:48 = note: /usr/lib/gcc/x86_64-alpine-linux-musl/6.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: /tmp/rustc.1RyuI3Lx271V/libunwind-2751140f63f73bc6.rlib(Ltrace.o): relocation R_X86_64_TPOFF32 against `tls_cache_destroyed' can not be used when making a shared object; recompile with -fPIC
2017-03-08 23:26:58 do you know which side should be compiled as relocatable in this case?
2017-03-08 23:27:11 is it Ltrace.o or the .o that contains tls_cache_destroyed
2017-03-08 23:30:27 the .o file containing that reloc was miscompiled
2017-03-08 23:30:32 so Ltrace.o I think
2017-03-08 23:30:43 TPOFF32 is not a valid TLS reloc type in shared libraries
2017-03-08 23:32:39 hmm...
2017-03-08 23:33:47 >Ltrace.o: ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
2017-03-08 23:33:48 curious
2017-03-08 23:35:18 bahamat, ok i straced the lookup (easier than tcpdump)
2017-03-08 23:35:23 8.8.8.8 has a buggy response
2017-03-08 23:35:38 it really is an empty reply
2017-03-08 23:35:57 it has the TC (truncated) flag set
2017-03-08 23:36:13 but in that case the part of the response that fits should be included
2017-03-08 23:36:24 I see.
2017-03-08 23:36:48 So other implementations are retrying with edns simply based on the tc flag.
2017-03-08 23:37:27 i guess so
2017-03-08 23:38:03 now, wonder who we report this to....
2017-03-08 23:38:22 I wonder if they're doing it as some sort of bandwidth saving measure.
2017-03-08 23:39:40 hmm, maybe they consider your ridiculously long record as a malicious one crafted for ddos amplification?
2017-03-08 23:40:06 Possibly?
2017-03-08 23:40:20 in any case...
2017-03-08 23:40:47 even if other libcs do use tcp/edns, by having an oversize record like this, you're badly impacting performance
2017-03-08 23:40:54 instead of 1 udp round trip
2017-03-08 23:41:07 you have 1 failed udp round trip, then multiple tcp round trips
2017-03-08 23:41:11 to get the result
2017-03-08 23:42:26 got the issue tracker, i'll post a bug report and see what happens
2017-03-09 00:19:37 dalias: Doing some further testing, musl doesn't retry truncated responses with tcp at all.
2017-03-09 00:20:00 If the truncated reply includes answers it uses them, but it doesn't retry with tcp.
2017-03-09 00:20:47 hey, after about 12 hours my resolv.conf gets changed back to a local network address instead of the VPN provided one. So far I only have found people saying that this is done by the udhcpd client but haven't found any real indication for this
2017-03-09 00:20:47 . Anyone who could point me in the right direction would be great
2017-03-09 00:20:49 that's what dalias said before, no?
2017-03-09 00:22:15 Yeah, I suppose so. That wasn't immediately clear to me.
2017-03-09 00:22:51 Skele: create /etc/udhcpc/udhcpc.conf
2017-03-09 00:22:55 I had interpreted it as if there are answers, and it's truncated it'll retry with tcp
2017-03-09 00:23:00 add 'RESOLV_CONF=no' to it
2017-03-09 00:23:34 that'll stop it from overwriting your resolv.conf, at least
2017-03-09 00:36:43 thanks a lot, Shiz
2017-03-09 00:37:26 udhcpc is correct without a c instead of a d at the end?
2017-03-09 00:39:04 udhcpc, yes
2017-03-09 00:39:06 the c means client
2017-03-09 00:41:35 I see
2017-03-09 00:49:50 dalias: Do you have a bug number or anything that I can add myself as a watcher?
2017-03-09 00:59:01 not yet, busy with other things
2017-03-09 01:35:50 mmlb: I've been out most of the day and will be again for another couple hours, but drop me a line and let's get you a custom image if we can :)
2017-03-09 15:10:59 Hi guys, I would like to use alpine as my main container image.
what is the best way to keep track of security bugs in alpine and alpine packages?
2017-03-09 15:12:14 <_ikke_> Pizzarabe: the commit messages usually contain the CVE numbers
2017-03-09 15:12:24 <_ikke_> But I'm not sure if that's exhaustive
2017-03-09 15:13:56 _ikke_: you mean the git commits (http://git.alpinelinux.org/cgit/aports/log/?h=v3.5.2)?
2017-03-09 15:14:09 <_ikke_> yes
2017-03-09 15:15:15 Is there a good way to keep track of the git log? I thought about sth. like a mailing list or a rss feed, maybe sth. I can automate the container updating
2017-03-09 15:18:19 <_ikke_> There are some tools which track package updates, but I don't recall the names anymroe
2017-03-09 15:18:21 <_ikke_> anymore
2017-03-09 15:18:33 <_ikke_> (one is a fedora project)
2017-03-09 15:20:43 Okay, lets look at that different, how do you update your alpine installations?
2017-03-09 15:20:59 <_ikke_> Pizzarabe: run apk upgrade -U from time to time
2017-03-09 15:24:45 Okay, I will try to get clair running then ;) (https://github.com/coreos/clair)
2017-03-09 17:32:34 hey TemptorSent ping me whenever you have a chance so I can try getting builds to work
2017-03-09 17:50:39 mmlb: *ping* - How's it going?
2017-03-09 17:51:36 hey TemptorSent, alright. I got alpine booting in qemu-system-aarch64 (but then it stopped working for some reason). Anyway I'd like to make an iso with virtio drivers in.
2017-03-09 17:51:44 TemptorSent: how you doing?
2017-03-09 17:52:08 mmlb: Moving a bit slow this morning, but up and about anyway :)
2017-03-09 17:52:42 mmlb: Okay, that should be pretty straightforward.
2017-03-09 17:52:45 yeah I hear that
2017-03-09 17:53:51 ok cool. I've got a docker container running alpine:latest. created said builder user, only group is abuild, messed with sudoers, but looks like I can't fetch deps
2017-03-09 17:55:35 mmlb: That's odd.
2017-03-09 17:55:49 let me try again now
2017-03-09 17:57:45 mmlb: If you pull the latest rev of my mkimage branch, you should be able to add virtio to whichever profile you want by creating a new profile that calls the one you want to base on then calling add_initfs_features_virtio and add_initfs_load_modules "
2017-03-09 17:58:16 Oh, and possibly initfs_add_apks if you have modules that aren't in the kernel tree, but virtio should be.
2017-03-09 17:58:22 ..AFK a bit, back shortly.
2017-03-09 17:59:57 kk
2017-03-09 18:03:22 Hello, I am unable to build docker images with alpine right now I keep getting logs like: https://gist.github.com/dustinlacewell/9440e101e7d668d1b1d407019a234cf3
2017-03-09 18:03:29 Is there currently an issue with apk repositories?
2017-03-09 18:04:01 TemptorSent: I was able to manually install all the apks...
2017-03-09 18:04:40 mmlb: Okay, so abuild-apk isn't doing the su thing for you like it's supposed to then?
2017-03-09 18:05:00 mmlb: Is it trying and failing or not trying?
2017-03-09 18:05:26 I'll take a look
2017-03-09 18:06:05 mmlb: Not that it matters as far as making it work, but it would be nice to know why it doesn't.
2017-03-09 18:07:07 ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.5/community: temporary error (try again later)
2017-03-09 18:07:14 it returns 404
2017-03-09 18:08:57 Anyone?
2017-03-09 18:09:06 Idleworker: try dl-4 and see if you get the error... something on one of the mirrors may have died.
2017-03-09 18:09:41 huh? I'm not specifying a mirror.
2017-03-09 18:09:44 How do I do that manually.
2017-03-09 18:10:16 Idleworker: /etc/apk/repositories
2017-03-09 18:10:38 I'm building a docker image...
2017-03-09 18:10:39 TemptorSent: abuild-apk fetch --root /tmp//tmp/mkimage.LkGcaB/apkroot-x86_64 --link --recursive --output /tmp//tmp/mkimage.LkGcaB/apks_x86_64_snip.work/apks/x86_64 acct alpine-base ...
2017-03-09 18:10:41 acct: unable to select package (or it's dependencies) ...
repeat for each package
2017-03-09 18:11:09 mmlb: Looks like it's not finding the repo?
2017-03-09 18:11:36 and is the /tmp//tmp/... in the --root intentional?
2017-03-09 18:12:20 yeah seems that way I just noticed this:
2017-03-09 18:12:22 >>> WARNING: mkimage.sh:x86_64: no repository set
2017-03-09 18:12:24 It looks like it's being double-specced for some reason.
2017-03-09 18:12:24 OK: 0 distinct packages available
2017-03-09 18:12:35 Yeah, that'd do it :)
2017-03-09 18:12:47 TemptorSent: that was default. I just ran `./mkimage.sh`
2017-03-09 18:12:59 I take it I should specify a profile?
2017-03-09 18:13:00 Oh, yeah -- you don't want to do that :)
2017-03-09 18:13:30 :D
2017-03-09 18:13:34 mmlb: Yeah, you should specify the profile, workdir, outdir, and pass the --hostkeys option!
2017-03-09 18:13:41 do a --help
2017-03-09 18:13:54 I did, but doesn't say if anything is required soOo...
2017-03-09 18:14:18 ldleworker: gist your dockerfile?
2017-03-09 18:14:26 Yeah, I haven't gone back and rewritten the help-text yet, just added a couple items.
2017-03-09 18:16:18 TemptorSent: `./mkimage.sh --hostkeys ~/.abuild/builder-58c19b5b.rsa --outdir /tmp/out --workdir /tmp/work --profile vanilla --repository-file /etc/apk/repositories` gives me same error but with less packages
2017-03-09 18:16:42 mmlb: I'm using './mkimage.sh --repository-file /etc/apk/repositories --outdir /tmp/mkimage.out --workdir /tmp/mkimage.tmp --apk-cache-dir /tmp/mkimage.apkcache --hostkeys --profile xen' for instance
2017-03-09 18:16:52 actually no, only xtables-addons-vanilla was unmet
2017-03-09 18:17:05 let me try your call
2017-03-09 18:17:40 hmm, it was supposed to avoid adding xtables-addons to vanilla kernels. Let me check that.
2017-03-09 18:19:45 Oops, my bug I think.
2017-03-09 18:22:34 mmlb: Pull again, should be fixed.
2017-03-09 18:23:19 k will try again
2017-03-09 18:23:24 mmlb: It's great to check for a supported kernel, but not so great to try to add modules for all the other ones too.
2017-03-09 18:24:06 mmlb: It might take a sec for it to show up actually, I forgot github isn't my local repo.
2017-03-09 18:27:19 mmlb: Let me know if anything else is broken :)
2017-03-09 18:31:41 TemptorSent: have to fix a fire at work right now, should be back at this in ~1hr tops
2017-03-09 18:32:24 mmlb: No worries, don't forget to pull the pin on the extinguisher ;)
2017-03-09 18:40:19 pull the pin on the grenade, not extinguisher. got it!
2017-03-09 18:41:05 mmlb: Pull pin and throw...
2017-03-09 18:41:45 mmlb: ...not the pin, the GRENADE you fo-*BOOM*
2017-03-09 21:07:43 TemptorSent: vanilla x86_64 works fine, I uncommented out the `add_archs "aarch64"` from profiles/alpine/profile-vanilla.sh but that fails when I do --arch aarch64
2017-03-09 21:09:50 TemptorSent: fails with `/tmp/update-kernel.bjePdP/root/lib/ld-musl-x86_64.so.1: Not found.`
2017-03-09 21:26:28 mmlb: Hmm, looks like update kernel is trying to use the wrong loader perhaps? I haven't poked at cross-building yet...
2017-03-09 21:31:20 I think more along the lines of mkinitfs
2017-03-09 21:32:21 mmlb: Yeah, mkinitfs is called from update-kernel, but there's no sign of the architecture being passed, so that's likely the culprit.
2017-03-09 21:32:52 mmlb: Let me see if I can find an easy way of altering that.
2017-03-09 21:36:22 ok
2017-03-09 21:38:29 mmlb: Could you tell what was looking for ld-musl-x86_64.so.1?
2017-03-09 21:39:16 mmlb: I'm guessing lddtree in initfs_base.
2017-03-09 21:39:58 yup
2017-03-09 21:43:44 mmlb: looks like it may be an issue with lddtree itself, trying to parse...
2017-03-09 21:46:16 yeah I think you are right, I'll try to catch what it is that is not aarch64, but my root dir seems to be wiped
2017-03-09 21:49:28 mmlb: I suspect it's actually readelf related...
It's trying to use the wrong ld path?
2017-03-09 21:49:56 maybe, I'll stop the process before calling lddtree and see if I can poke around
2017-03-09 21:53:11 mmlb: readelf calls scanelf via elfspecs in /usr/bin/lddtree --Try adding a line to dump the command to a file in scanelf for debugging perhaps.
2017-03-09 21:53:28 will do
2017-03-09 21:56:01 mmlb: I'm guessing scanelf needs different arguments to work properly and it's only by accident that it works when the target and host are the same.
2017-03-09 21:56:33 yeah thats likely the case, cross compile/packaging is always fun
2017-03-09 21:58:21 mmlb: I'm not sure that it was ever setup to work previously, considering.
2017-03-09 22:05:44 Hmm, someone else take a look at /usr/bin/lddtree:find_elf around line 78 please and tell me if that code parses sanely in your head?
2017-03-09 22:13:40 In fact, does the entire nested function definition for check_paths INSIDE find elf make any sense?
2017-03-09 22:15:50 TemptorSent: I'll be looking at this some more later tonight/tomorrow, cya later
2017-03-09 22:18:05 mmlb: Okay, sounds good -- it looks like a bug in lddtree to me at the moment.
2017-03-09 22:18:40 mmlb: Some voodoo-gone-wrong likely.
2017-03-09 22:33:20 It appears elf_specs is undefined the first time through the loop, which leaves check_path comparing against "".
2017-03-09 22:54:48 fastcgi_pass unix:/run/php/php7.0-fpm.sock;
2017-03-09 22:54:53 how do I get this to work in alpine linux?
2017-03-09 22:54:58 nginx + php-fpm
2017-03-09 23:23:55 Fearfulx: you edit the php-fpm configuration to listen on a socket
2017-03-09 23:23:57 presumably
2017-03-10 02:17:32 Xe: https://gist.github.com/dustinlacewell/9440e101e7d668d1b1d407019a234cf3
2017-03-10 02:18:07 ldleworker: docker run --rm -it alpine:3.5 sh
2017-03-10 02:18:14 then # apk update
2017-03-10 02:19:26 Xe https://gist.github.com/dustinlacewell/a2920035ac3c7b41b420f2b27b5a83d1
2017-03-10 02:19:49 ldleworker: nslookup dl-cdn.alpinelinux.org
2017-03-10 02:20:58 if that fails, reboot your docker build host
2017-03-10 02:21:28 Xe: well it fails from inside the container you told me to run
2017-03-10 02:21:30 but not from my host
2017-03-10 02:21:35 yeah
2017-03-10 02:21:36 r e b o o t
2017-03-10 02:21:38 reboot your host
2017-03-10 02:21:45 something's fucky with dns
2017-03-10 02:21:46 OK I will, but why?
2017-03-10 02:21:50 OK
2017-03-10 02:21:52 rebooting is never the fix
2017-03-10 02:21:59 scv: no, but it hides the problem
2017-03-10 02:22:03 this isn't windows
2017-03-10 02:22:15 Well should I reboot or not? lol
2017-03-10 02:22:29 ldleworker: reboot or at the least restart docker daemon
2017-03-10 02:23:17 restarting docker daemon worked
2017-03-10 02:23:19 thanks
2017-03-10 02:23:25 np
2017-03-10 02:23:48 Xe, I'm working on a docker-backed package manager :)
2017-03-10 02:24:07 ldleworker: seems reasonable
2017-03-10 02:24:12 good choice of distro
2017-03-10 02:24:24 Well, alpine is just used for the images.
2017-03-10 02:24:29 Not the host OS
2017-03-10 02:24:32 dckr-get install weechat
2017-03-10 02:24:41 yeah
2017-03-10 02:24:44 that's what i meant
2017-03-10 02:24:45 will install the image, and give you a `weechat` alias that runs the container
2017-03-10 02:24:48 Ah OK :)
2017-03-10 02:24:57 look at subuser
2017-03-10 02:25:34 Doh.
2017-03-10 02:25:36 :P
2017-03-10 02:26:21 Xe is this exactly what I imagined?
2017-03-10 02:26:26 Or just something similar.
2017-03-10 02:26:40 ldleworker: i can't read your mind, but probably
2017-03-10 02:27:00 hehe
2017-03-10 02:27:20 I recently switched from a monospace sans font, to a nice serif font on IRC
2017-03-10 02:27:30 I can't believe how much nicer IRC is now.
2017-03-10 04:49:41 <__machine> are new versions of docker generally backported into the stable release? reason being docker 1.13 supports automatic api version negotiation (so 1.13 client can talk to 1.12 server)… i am deploying alpine containers to docker cloud and i don't really have control over which server version is running so i can't reliably force it by setting `DOCKER_API_VERSION` in my alpine container
2017-03-10 06:22:57 <__number5__> __machine: alpine is rolling updates model, no need to backport. yes docker-engine update quite often
2017-03-10 06:24:26 <__number5__> __machine: btw, if you just running alpine as container (not as docker host), you don't need to care about the docker version *inside* alpine container
2017-03-10 06:25:58 __number5__: only edge is rolling. stable releases are not (e.g. 3.5[.x])
2017-03-10 06:30:24 <__machine> __number5__: i want to use a stable release (this is production) but the version of docker client on alpine 3.5 is 12.6 and that will only work with docker server of same api version… docker server version is controlled by docker cloud (not me) and it changes from time to time… i am running alpine as a container, but i mount the docker socket from the host into the container so i can exec commands in other containers on the same
2017-03-10 06:31:01 <__machine> i read on the wiki that packages are backported into stable release sometimes if you ask on irc/forum/etc and have a good reason
2017-03-10 06:39:37 <__number5__> __machine: you can add edge repo to your stable alpine, allowing only docker-engine use edge version, check the apk page on wiki
2017-03-10 06:40:19 <__machine> does that generally work fine?
2017-03-10 06:40:23 <__number5__> avih: yep, you are right.
I'm thinking security updates...
2017-03-10 06:41:32 <__number5__> __machine: it should be fine unless docker changed hugely required some libs version not in stable alpine (which is rare)
2017-03-10 06:41:33 __machine: generally yes, but not always. on some cases edge breaks (and then quickly unbreaks, but still)
2017-03-10 06:43:26 <__machine> so it would have to be an extreme defect to consider backporting a package into stable, so that it too remains stable?
2017-03-10 06:44:48 stable in general gets security updates. i'm guessing major bugs could too, though not sure.
2017-03-10 06:45:49 as for pinning, i _think_ you can pin a specific version of docker from edge. so as long as you verify this version works for you, you can manually upgrade just the docker version to some specific $version from edge
2017-03-10 06:47:14 <__machine> thanks, i'll try that
2017-03-10 06:57:33 __machine: though thinking about it, not sure how that'd work. since packages at the repos are latest for a specific alpine version AFAIK, so if docker updated on edge, it doesn't sound reasonable that older versions will be kept around (much?).
2017-03-10 06:57:54 <__machine> doh
2017-03-10 06:58:35 but i'm out of my depth. maybe wait for someone more knowledgeable to reply.
2017-03-10 09:16:46 I get python segfaults on alpine, is that common?
2017-03-10 10:06:29 Hi, does anyone know if there is any effort on getting OpenStack running on Alpine?
2017-03-10 14:56:15 ptman[m]: can you give more detail?
2017-03-10 15:23:22 Xe: so that bug report actually gives more detail than I can dig up
2017-03-10 15:24:11 I just got python[17245]: segfault at 7f1f0cf278a8 ip 00007f1f05a5db6c sp 00007f1f0cf278a0 error 6 in ujson.so[7f1f05a57000+209000]
2017-03-10 15:53:59 ptman[m]: thanks for opening the issue on github ;)
2017-03-10 16:11:42 okay; on laptops I have no problems with Alpine, but on desktop PCs I still run into this annoyance that is keyboard and mouse not working on lxdm startup, I need to re-plug the mouse in and it seems to generate a device scan event of some sort after which peripherals work
2017-03-10 16:11:57 what am I missing here?
2017-03-10 16:28:18 TBB, on udev? maybe udev-trigger is not activated service?
2017-03-10 16:28:42 i think setup-xorg-base is missing that
2017-03-10 16:28:54 but setup-udev does it properly
2017-03-10 16:29:07 ncopa, ^ was setup-xorg-base ever fixed to call setup-udev?
2017-03-10 16:32:29 admittedly, since I work in a restricted environment, my current install repositories are a snapshot of 3.4.6 so it might have been fixed since
2017-03-10 16:33:22 but knowing what you just told me will probably help me enough to fix the setups here. let me dash to the Other Side to check this.
2017-03-10 16:42:01 yup, that's the fix. thank you once again fabled :)
2017-03-10 17:27:37 odc: let's hope it helps, I have no idea
2017-03-10 17:54:25 Anyone using alpine + vagrant? For some reason after updating apk, exiting shell and re-logging(vagrant ssh) in again it hangs up. Always freezes. Not sure why
2017-03-10 19:57:56 fabled, TBB no i dont think we ever fixed setup-xorg-base
2017-03-10 22:09:20 how do you make alpine boot from EFI?
2017-03-10 22:10:08 simple
2017-03-10 22:11:17 add gummiboot to your install, copy its efi binary to /boot/EFI/boot/bootx64.efi and write the configuration files /boot/loader/loader.conf and /boot/loader/entries/yourentry.conf
2017-03-10 22:11:47 better question
2017-03-10 22:11:57 why isn't that already done for existing boot media?
2017-03-10 22:12:33 i have a small cluster of atoms that only boot over EFI
2017-03-10 22:12:43 just a guess, but UEFI systems can usually boot with "legacy" settings but legacy systems can't boot UEFI
2017-03-10 22:13:01 TBB: these minnowboards cannot
2017-03-10 22:13:27 also, those two usually use different bootloaders... I don't even know if syslinux properly supports UEFI still; I went with gummiboot
2017-03-10 22:29:27 Xe: There appears to be a grub-efi package that is also supported under isolinux's hybrid mode in addition to gummiboot.
2017-03-10 22:31:02 Xe: Either way, if you'd be willing to help alpha test the new mkimage code, it should be able to spit out custom images with whatever bootloader you want after only minor modification.
2017-03-10 22:31:17 (Y)
2017-03-10 22:32:25 ia32-libs where do I find this?
2017-03-10 22:32:28 it's needed for sa mp
2017-03-10 22:36:45 let me guess it's not supported?
2017-03-10 22:36:50 amazing...
2017-03-10 22:40:04 guess there is no work around
2017-03-10 22:40:11 i don't care to reinstall right now to another os
2017-03-10 22:40:13 =/
2017-03-10 22:40:30 Fearfulx you could copy the i386 libs from another install
2017-03-10 22:40:34 i've had to do it for some binary-only apps
2017-03-10 22:40:35 works fine
2017-03-10 22:40:37 even if it's glib
2017-03-10 22:40:38 glibc
2017-03-10 22:41:01 its a little hacky but it does work
2017-03-10 22:41:07 how would I do it?
2017-03-10 22:41:09 meh
2017-03-10 22:41:13 got a guide?
2017-03-10 22:42:00 i dont know of any guide
2017-03-10 22:42:08 you can use the ldd tool to find out what libraries the binary needs
2017-03-10 22:44:46 22:43:07 fear@doomsday:~/samp03$ ldd /home/fear/samp03/samp03svr
2017-03-10 22:44:48 ldd: /home/fear/samp03/samp03svr: Not a valid dynamic program
2017-03-10 22:46:05 meh I suppose I don't need alpine linux... maybe a year they will add this crap
2017-03-10 22:49:37 gentoo hardened will be good enough
2017-03-10 22:49:45 until they can add 32bit lib support and shit
2017-03-10 23:01:46 Fearfulx: If you need to support a bunch of 32bit crap, consider just setting it up in its own root with funtoo and keeping it away from the rest of the system.
2017-03-10 23:02:44 Fearfulx: Install a stage-3 in /x86_32 or something and setup the chroot for that.
2017-03-10 23:03:40 Fearfulx: You could even try doing a "prefix" install, where funtoo actually lives peacefully with no chroot and just sits under the directory you specify.
2017-03-10 23:04:11 i'll do it my way.. I thought alpine linux would at least have minimum support for something this simple
2017-03-10 23:04:13 guess not
2017-03-10 23:06:49 Fearfulx: The issue with supporting parallel 32 bit libs is a significant increase in size because of the duplication, not to mention many libs getting cranky about which version they find.
2017-03-10 23:07:07 yet debian minimal has no issue
2017-03-10 23:07:22 Fearfulx: My main distro is funtoo for more general work for that reason.
2017-03-10 23:07:40 Fearfulx: What's the minimal installed size of debian-minimal?
2017-03-10 23:07:54 about 200mb
2017-03-10 23:08:11 I'm working on a new image builder for alpine and I'm already at less than half that for a bootable install.
2017-03-10 23:09:06 Fearfulx : Aiming for < 40mb bootable for virt if I can, and < 20 for containers.
2017-03-10 23:09:51 Fearfulx : So almost an order of magnitude difference in size for the "minimal" configurations.
2017-03-10 23:10:45 Heck, I think the funtoo stage-3 is less than a couple hundred megs, and that's a full dev setup.
2017-03-10 23:12:19 you can always make images smaller, but just how functional they are and how usable the image is is another question...
2017-03-10 23:12:50 you don't get to just drop stuff off and have things work nevertheless
2017-03-10 23:13:15 TBB: The point of the minimal image is to bootstrap itself, then stack what you want on top of it.
2017-03-10 23:13:42 yup, that's stuff I've spent the last 4 years of my career on
2017-03-10 23:13:52 TBB: I'm pretty sure I can dump 99% of the scsi stack out of the current images with impunity!
2017-03-10 23:14:26 I guess it all comes down to what we're talking when talking about images and what the usage for those images is, really
2017-03-10 23:14:39 Right now, I'm trimming down the base images to what they need and nothing else.
2017-03-10 23:14:49 for example, "apk add alpine-base" is -the- minimal Alpine setup
2017-03-10 23:15:06 TBB: Actually, no it's not :)
2017-03-10 23:15:11 it's good for chroots and stuff, and serves as a base for more complicated setup
2017-03-10 23:15:27 it is at least in one way
2017-03-10 23:15:50 that's what the minimal setup defined by the distribution seems to be
2017-03-10 23:15:58 apk add alpine-baselayout alpine-keys apk-tools busybox libc-utils
2017-03-10 23:16:07 Look at the minirootfs.
2017-03-10 23:16:27 and also there's the question of practicality
2017-03-10 23:16:43 That's perfect for setting up chroots.
2017-03-10 23:16:53 You don't want nor need anything else.
2017-03-10 23:16:55 you can't be sure that minimal setup works when something changes
2017-03-10 23:17:06 ??
2017-03-10 23:17:08 alpine-base on the other hand has upstream's guarantee
2017-03-10 23:17:30 alpine-base include quite a bit of other stuff that you DON'T want in a chroot.
2017-03-10 23:17:43 see, while I'm obviously attached to the whole topic and see the point of having minimal size images,
2017-03-10 23:17:50 Fearfulx: it's not a missing feature, it's intentional
2017-03-10 23:17:54 Such as openrc
2017-03-10 23:18:09 Fearfulx: 32 bit compat on a 64 bit distro is a very legacy option and is rarely necessary
2017-03-10 23:18:34 there's a line after you've crossed it your optimisation becomes more a waste of time than useful work
2017-03-10 23:18:49 (and "your" in this context doesn't refer to YOU specifically)
2017-03-10 23:19:19 TBB: Hmm, how many chroots reduced by a 20mb a piece does it take to add up to real ram?
2017-03-10 23:19:50 Fearfulx: if it's something you need for sa:mp then maybe you should use a different distro for that, alpine is probably not the ideal choice to run a binary-only application
2017-03-10 23:20:16 welp, only use alpine linux is for me is on a server
2017-03-10 23:20:17 TBB: If you're trying to run from ram, it's rather useful to have minimal image size.
2017-03-10 23:20:21 since it won't offer anything worth a crap to me
2017-03-10 23:20:26 then i guess I'll get rid of it
2017-03-10 23:20:29 disappointing
2017-03-10 23:20:33 had so much potential
2017-03-10 23:20:35 anyway
2017-03-10 23:20:54 and there's another thing. how much a dev gets paid doing optimization like that vs how cheap RAM is ... I know, that even goes against what I believe in, I like getting things done properly but there's a limit to how much money the wallet of the payer has
2017-03-10 23:20:57 Fearfulx: It's all about choosing the right tool for the job at hand.
2017-03-10 23:21:27 exactly what TemptorSent said
2017-03-10 23:21:28 seconded; Alpine is good for some use cases, bad for some others; same goes for virtually every distro
2017-03-10 23:21:40 TBB: There's that, but then again, there's me wasting that much less time fighting my own systems.
2017-03-10 23:22:20 alpine's goal is to be lightweight, if you're looking for 32 bit compat in a 64 bit distro, you're essentially duplicating the entire system and doubling its size
2017-03-10 23:22:23 that's not lightweight
2017-03-10 23:22:29 if you're trying to run a 32 bit app, use the 32 bit version
2017-03-10 23:22:31 not the 64 bit
2017-03-10 23:22:36 Fearfulx : For what you need, I would highly recommend looking at funtoo -- you can build the system to support exactly what you need, and still cut out the extra crap.
2017-03-10 23:22:49 or again TemptorSent's right, funtoo would likely be a good fit
2017-03-10 23:23:48 Funtoo will only build the packages that are required, and they will be 32 bit versions of the SAME packages as the 64 bit versions, so at least you have a better chance of things playing nicely when they include the header from one and use the library from the other.
2017-03-10 23:25:26 Fearfulx : Alpine is more intended for single-purpose, embedded, or minimally configured applications, not so much general workstation/desktop use (although it supports that quite well within some limitations)
2017-03-10 23:26:17 TBB: So a question for you, regarding the "base" configuration -- what packages should it include in the rootfs?
2017-03-10 23:26:59 TBB: Do we really need everything in network-extras, or should we cherry-pick, then let the other profiles include as needed?
2017-03-10 23:27:43 no use to be here anymore meh
2017-03-10 23:27:46 TBB: For instance, a rpi probably doesn't need bridging, vlan, and ppp support by default.
2017-03-10 23:27:58 man
2017-03-10 23:28:02 he reeks of troll
2017-03-10 23:28:10 Wow, that was interesting...
2017-03-10 23:28:11 "why don't you guys include two copies of every library"
2017-03-10 23:28:19 >lightweight distro
2017-03-10 23:28:58 scv: It wouldn't be impossible to support a nested configuration, but it would take a fair bit of effort to make everything play nice
2017-03-10 23:29:29 of course it's not impossible, but it flies directly in the face of alpine's intended goals/use case
2017-03-10 23:30:02 scv: Not necessarily, as long as it was essentially alpine-on-alpine.
2017-03-10 23:30:32 scv: I actually need that sort of nesting support in some cases myself, but not quite the same way.
2017-03-10 23:30:47 I also make my own image maker
2017-03-10 23:30:48 i'd just say use a chroot if you absolutely need to run a proprietary 32 bit app on a 64 bit install
2017-03-10 23:30:50 VMs on an iso image to be net-booted to ram.
2017-03-10 23:31:01 but this guy reeks of troll
2017-03-10 23:31:04 23:07 < Fearfulx> yet debian minimal has no issue
2017-03-10 23:31:16 if debian minimal has no issue then why don't you just go use debian minimal then :^)
2017-03-10 23:31:24 I understand where he's coming from in a way but his communication could be a bit less negative
2017-03-10 23:31:25 scv: That's what I was suggesting, supporting a nested chroot somewhat intelligently.
2017-03-10 23:31:51 TBB: Agreed. I was young and angry once...
2017-03-10 23:32:06 TBB: ...not quite so young any more :)
2017-03-10 23:32:21 just sounds like he wants his application to just work out of the box, no effort required
2017-03-10 23:32:29 TemptorSent: that is a good question; I guess my own needs are more focused on desktops and laptops, but minimalistic environments naturally benefit from proper optimization
2017-03-10 23:32:37 scv: It would always be nice.
2017-03-10 23:33:05 yeah, I would probably be much farther along with my work effort had I not chosen Alpine as the base distro
2017-03-10 23:33:08 TemptorSent: again, right tool for the job
2017-03-10 23:33:14 however
2017-03-10 23:33:19 TBB: The profile builder will allow you to setup anything from a skeleton rootfs to a fully configured server with services running and data loaded.
2017-03-10 23:34:06 I don't mind, because using Alpine pushes me forward in my own knowledge of Linux distributions, packaging, all kinds of things
2017-03-10 23:34:08 i like alpine because the system is small enough to the point where i can understand every component that's present, it's not a massive pile of interdependent packages that are all tweaked and managed in a distro-specific way (i.e. debian, fedora etc)
2017-03-10 23:34:35 and Alpine has some of the security already implemented that I would've had to implement myself using just about any other distribution
2017-03-10 23:34:42 TBB: Yeah, I'm almost two weeks behind on a deliverable because I got sucked into fixing alpine's old build system (the one on the wiki) before finding out it was deprecated, and now essentially rewriting mkimage into a general-purpose image builder, not just a release tool.
2017-03-10 23:34:45 to me feels like a lot of the linux ecosystem is drifting towards excessive complexity
2017-03-10 23:34:56 okay, so it requires me to do some magic with packaging sometimes, but that's what I get paid for
2017-03-10 23:35:53 TemptorSent: makes me wonder... if I ever get to publish my own installer (I do have a preliminary license to do that but it's still stuck in bureaucracy)
2017-03-10 23:36:08 ... there might be some synergy between what you do and what I do
2017-03-10 23:36:18 scv; I remember when I was loading *floppies* into a 386 to install slack... I think it was less than 5 for the whole system, the rest were optional!
2017-03-10 23:36:54 because based on what I've been reading on this channel from you lately (while too busy to engage in a conversation) I believe there might be synergies achievable
2017-03-10 23:37:02 TBB: I made a stupidly simple plugin loading system that does most of the work now..
2017-03-10 23:37:11 TemptorSent: the good old days :)
2017-03-10 23:37:33 scv : It sure beat typing minix in off hardcopies!
2017-03-10 23:37:41 heh, mine is pure Bash (got an sh implementation as well but I really like associative arrays)
2017-03-10 23:37:48 TemptorSent: and now we have the monstrosity known as systemd, an era where /sbin/init uses more memory than was physically present in some machines i used to use
2017-03-10 23:38:52 TBB, yeah - it took me a while to get over my bashisms (mostly -- I use ${var//s/r} since we happen to support it and it saves a lot of pain in a few places).
2017-03-10 23:39:09 it's natural that the Linux ecosystem is bloated, but like Alpine for example demonstrates, you can still keep things small, simple and effective
2017-03-10 23:40:13 TBB: Yeah, but you have to work for it these days!
2017-03-10 23:40:15 TemptorSent, I wrote the sh implementation to figure out how much cleaner I could pull off all the features I wanted, but I quite soon came to the conclusion Bash and bashisms are not that bad
2017-03-10 23:40:33 true, someone needs to keep things under control
2017-03-10 23:41:21 btw, I spent some time with early Linux and was like "who the hell is going to ever use this?"
2017-03-10 23:41:41 and happily spent 3-4 years using FreeBSD
2017-03-10 23:41:59 TBB: Have you had a chance to take a look at my mkinitfs branch? https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage
2017-03-10 23:42:13 yeah, freebsd was my first personal *nix as well
2017-03-10 23:42:43 TemptorSent: no I haven't. I could have a look tho if I can squeeze a couple hours into this weekend for it :)
2017-03-10 23:43:22 TBB: Yeah, I was playing with some of the 0.0x kernels from cs.hut.helsinki.fi
2017-03-10 23:43:48 TBB: Just take a quick browse, you should be able to actually make sense of the profiles at a glance.
2017-03-10 23:44:39 github is pre-surgery, so I'm doing some major cutting of fat and rearranging of profiles right now to make them both slimmer and easier to extend.
2017-03-10 23:44:45 probably; I mean, when the purpose for the tool is what it is, and it sounds close to what I do... well, there's not that many different paths to the same goal
2017-03-10 23:45:38 TBB: It's a general purpose builder really, it just happens to be doing alpine profiles :)
2017-03-10 23:45:50 same for mine
2017-03-10 23:46:29 TBB: A few more things that need to be cleaned up before I'm really happy with it, especially in getting rid of variable references in foreign places since they get trashed too easily.
2017-03-10 23:46:34 I was doing a project on CentOS, then we switched to Alpine, and all of a sudden another project wanted assistance so I wrote a tool that supported both CentOS and Alpine
2017-03-10 23:47:18 and I've been on that road ever since; too busy to properly rewrite the whole thing...
2017-03-10 23:47:34 TBB: It should be able to handle parallel building of the profiles with a few lines added and some minor changes to ensure exported globals don't get stepped on
2017-03-10 23:47:53 i recently quit my last job, but one of the final tasks was porting our entire internal infra from cent6 to alpine
2017-03-10 23:48:15 TBB: Yeah, too late for that -- I think I've rewritten all but a couple dozen lines, and added far more.
2017-03-10 23:48:17 nearly 3:1 consolidation on VM instance size between el6 and alpine for the exact same stack
2017-03-10 23:48:21 packages all built from scratch
2017-03-10 23:48:26 (asterisk / management rpc)
2017-03-10 23:48:44 not just disk space but runtime memory usage as well
2017-03-10 23:48:50 I used to do that, the original installer I wrote for a long since gone version of what I do for a living, it was written in a way to allow one host system to install tens of systems in parallel
2017-03-10 23:48:53 ksm on the hosts achieving nearly 50% deduplication under alpine
2017-03-10 23:48:58 very pleased with the results
2017-03-10 23:49:01 scv: Oh, you'd love what mkimage does now then.
2017-03-10 23:49:25 TemptorSent: what do you mean
2017-03-10 23:49:45 You can build one-off pre-configured images and overlays directly.
2017-03-10 23:50:10 ah that sounds nice
2017-03-10 23:50:51 Autogenerate ssh key pairs (host, root user, and root login currently), start the daemons, start the database, etc.
2017-03-10 23:50:51 we just had an in-house system to build the image in a chroot then boot the instance
2017-03-10 23:50:57 pretty much same stuff then
2017-03-10 23:51:05 sounds like i need to take a look at it
2017-03-10 23:51:50 much better than the old el6 deployments, they were cloning disk images, never regenning ssh keys, same uuids for disks on each vm
2017-03-10 23:51:51 a real mess
2017-03-10 23:51:57 scv right, this lets you configure it on a per-instance level if you want, dumping the output directly to the chroot would be easy.
2017-03-10 23:53:36 scv: Yeah, I don't like the concept of sharing host keys the way they're usually done either -- this only keeps the public host key and root user key in the key bin, so you can actually reasonably authenticate.
2017-03-10 23:54:27 No later man-in-the-middle because someone snagged your keys.
2017-03-10 23:54:57 these deployments didn't even really need ssh, probably would've been fine emulating serial consoles to a fifo on the host
2017-03-10 23:55:09 they're managed completely through the platform rpc
2017-03-10 23:55:24 s/fifo/socket
2017-03-10 23:55:31 but w/e not my concern anymore :p
2017-03-10 23:55:36 scv: Yeah, that's pretty minimal requirements.
2017-03-10 23:55:44 they decided to ditch their in-house platform for some 3rd party garbage
2017-03-10 23:55:44 :)
2017-03-10 23:55:55 That'll bite them in the ass.
2017-03-10 23:56:02 that's always fun
2017-03-10 23:56:03 i spent 15 minutes pentesting it when they setup a demo ... sql injections galore, local file inclusions
2017-03-10 23:56:07 it's a right gong show
2017-03-10 23:56:16 i feel really bad for them
2017-03-10 23:56:19 but again
2017-03-10 23:56:21 their decision
2017-03-10 23:56:38 I just got to demonstrate today how doing some development in-house is beneficial
2017-03-10 23:56:46 Just be damn glad you're not there to try to support it when it goes down in flames.
2017-03-10 23:57:03 a guy had a problem that required new functionality from the build tools, 10 minutes later he had it
2017-03-10 23:57:06 oh i'm still on contract with them to maintain the legacy systems until they finish migration, but i refuse to touch the new stuff
2017-03-10 23:57:19 the new platform comes with a support contract, their engineers are clueless
2017-03-10 23:57:39 it only runs on ubuntu 14.04, they were having some trouble while doing their setup, apt was segfaulting
2017-03-10 23:57:50 they sent it back to us, "you need to check your firewall"
2017-03-10 23:57:58 but now, time for sleep. Temptor, I'll have a closer look this weekend
2017-03-10 23:57:58 ACTION headdesk x100
2017-03-10 23:58:37 on top of that they're putting every single customer on a single monolithic binary, multi-tenant pbx
2017-03-10 23:58:50 compared to the old platform where each customer has their own dedicated instance, scales out horizontally as much as you want
2017-03-10 23:59:05 instead let's just jam every customer on the same friggin binary
2017-03-10 23:59:08 sounds real scalable
2017-03-10 23:59:12 /rant
2017-03-11 00:00:51 TBB: Have a good night, it's been a pleasure.
2017-03-11 00:01:15 scv: Oh, this will end well...
2017-03-11 00:01:55 scv: Actually, maybe you'd be up for helping spec a voip profile?
2017-03-11 00:02:15 maybe, what are the details
2017-03-11 00:03:55 scv: Essentially a purpose-built image for handling voip services (dahdi/asterisk/?) with appropriate network tools and configuration.
2017-03-11 00:04:29 i'm actually starting a project along those lines
2017-03-11 00:05:01 i retained rights to the platform when i left the company, but i'm reimplementing everything from scratch just to avoid any sort of legal issues
2017-03-11 00:05:19 scv good call.
2017-03-11 00:05:52 but the goal is to build a generic voip platform that can be used as a standalone pbx or scale up to multitenant, managed from a single interface
2017-03-11 00:06:02 covers everything from carrier switching to endpoint provisioning
2017-03-11 00:07:03 scv: Sounds like a good fit for what I'm working on in terms of build system and provisioning.
2017-03-11 00:08:01 we've only just been discussing implementation, haven't done any real work yet, one of my projects for this weekend is to setup an internal wiki and issue tracker actually
2017-03-11 00:08:06 to start laying down a roadmap
2017-03-11 00:08:10 scv: The build system can build baked images, so there's no write requirement and everything can be ram-resident and DB backed.
2017-03-11 00:08:31 yeah, that's what i was aiming for with the previous system
2017-03-11 00:09:01 the instances were managed from a central system but could run independently, configs were pushed via rpc and built on the fly
2017-03-11 00:09:27 abstracted config over rpc -> compiled into the relevant asterisk/etc configuration
2017-03-11 00:09:30 scv: kernel+initramfs+pkgs database+overlay in run-from-ram mode.
2017-03-11 00:09:57 i didn't get to the point of implementing the system to run as read-only but the groundwork was in place when we switched to alpine
2017-03-11 00:10:01 scv: Yup, this is the rest of it:)
2017-03-11 00:10:04 cool
2017-03-11 00:10:44 scv: I'm working on auto-provisioning postgresql/postgis with dump loading and all.
2017-03-11 00:11:32 scv: I get sick of doing things manually, what can I say?
2017-03-11 00:11:36 when i actually have a roadmap laid out and some initial design done you're more than welcome to come work with us
2017-03-11 00:11:38 yeah
2017-03-11 00:11:55 when i joined that company 5 years ago they were just running copies of freepbx on bare metal
2017-03-11 00:12:12 More to the point, I get sick of trying to get people who shouldn't touch computers to install something.
2017-03-11 00:12:17 heh
2017-03-11 00:12:42 yeah, i got things to the point where deploying a new pbx was just a single click in the management interface
2017-03-11 00:13:01 give it a name and click 'provision' and it'd spin up a new disk image, install the packages, and boot the vm
2017-03-11 00:13:20 scv Cool.
2017-03-11 00:13:46 much better than their old setup where they'd straight up install a fresh cent system and load freepbx from scratch each time
2017-03-11 00:13:53 no consistency at all in deployments, was a real mess
2017-03-11 00:15:14 Love that.
2017-03-11 00:16:17 their mindset, "hosted pbx is easy!" yeah maybe when you've got a half dozen customers, do you really expect to continue managing it that way when you've got 100+ customers?
2017-03-11 00:16:51 when you've got over 1000 hard phones in the field, how do you expect to keep track of everything if there's no centralized db
2017-03-11 00:17:33 scv: Yeah, especially if you have POTS/ISDN/Centrex terminations to deal with as well
2017-03-11 00:17:37 mhm
2017-03-11 00:17:40 a real mess
2017-03-11 00:17:59 anyway i gotta get back to it, i'll ping you later on :)
2017-03-11 00:18:03 No circuit capability database? Yeah, it's not going to be pretty!
2017-03-11 00:18:24 scv: Sounds good -- take a look at the tree and let me know your thoughts.
2017-03-11 06:45:22 Not bad -- 28MB virt image... too bad it's not quite there yet... missing a couple modules for boot still.
2017-03-11 06:45:39 Any virtio experts handy?
2017-03-11 07:00:15 Good evening fabled, how are you?
2017-03-11 07:10:15 TemptorSent, thanks. breakfast and then out. i hope to be able to look at your work in more detail by Monday
2017-03-11 07:10:48 fabled: No worries, when you have the time.
2017-03-11 07:11:35 fabled: Right now I'm trying to see how much fat I can trim out of the images, but I need to do something about init/mkinitfs to really make cuts.
2017-03-11 07:13:03 Trying to come up with a bare-minimum config bootable in qemu
2017-03-11 07:15:49 fabled: I REALLY need to get mkinitfs to use a cache...
2017-03-11 07:19:57 right
2017-03-11 07:20:24 i was wondering if apk should also pick up the cache-dir from an environment variable too; or should we just patch mkinitfs to pass it through
2017-03-11 07:20:26 update-kernel/mkinitfs is where the real grinding is currently.
2017-03-11 07:20:50 It'd be nice to have an env variable we could set to point it in the right place, with cmdline override when needed
2017-03-11 07:21:33 yeah, that would probably be simplest fix
2017-03-11 07:21:34 The work dir as well, AND the option to keep the work dirs for both update-kernel and mkinitfs.
2017-03-11 07:22:00 need to run now
2017-03-11 07:22:06 Basically a set of env vars that parallel the cmdline opts would be great.
2017-03-11 07:22:12 Alright, have a great day!
2017-03-11 07:53:10 Alright, the base profile part needs a bit of refining and probably splitting off into hardware specific configs vs. general configs on the backend, but everything can use the base profile and set the profile_base_type variable appropriately.
2017-03-11 10:44:05 You appear to be running a grsec enabled kernel.
2017-03-11 10:44:06 flashrom needs write access to /dev/mem and will likely not work
2017-03-11 10:44:16 Vhat do I do?
2017-03-11 14:40:42 Hi, I have an issue with sshd and OpenRC
2017-03-11 14:41:08 My sshd config binds the TCP socket to a specific network interface
2017-03-11 14:41:31 OpenRC complains that I need to add rc_need="net.eth1" to /etc/conf.d/sshd
2017-03-11 14:42:12 But `rc-update add net.eth1 default` fails because service `net.eth1` does not exist
2017-03-11 14:42:19 How can I solve this?
2017-03-11 15:17:06 Sander: how does eth1 come up?
2017-03-11 15:56:03 Sander: this is an issue with a copied openrc script from Gentoo
2017-03-11 15:56:11 Sander: alpine doesn't have device-specific init scripts
2017-03-11 15:56:16 for networking
2017-03-11 15:56:33 Sander: try simply adding rc_need=net to /etc/conf.d/sshd
2017-03-11 15:56:38 (the rc-update thing was never necessary)
2017-03-11 16:47:28 my name is killall dashnine. you locked up my x11 session. prepare to die.
2017-03-11 18:24:43 'morning mmlb, how's it going?
2017-03-11 20:39:38 hey TemptorSent morning
2017-03-11 20:39:43 ish
2017-03-11 20:39:50 on some planet
2017-03-11 20:40:04 as long as it has a broken clock
2017-03-11 20:40:47 haven't gone back and checked out readelf invocation, had to stop custom image work and finish up some release/test work.
2017-03-11 20:41:01 I hope to get some time next week to get that out
2017-03-11 20:41:18 s/that out/back to custom image/
2017-03-11 20:51:48 mmlb - fixed, grab ncopa's lddtree :)
2017-03-11 20:52:28 mmlb - It builds aarch64 happily now.. testing is another matter :)
2017-03-11 20:56:37 Right now I'm working on making mkinitfs only give me what I actually want, not the entire scsi tree.
2017-03-11 20:57:41 Trying to establish the minimal set of kernel modules required for a virtio guest.
2017-03-12 02:17:31 Hi I have a Docker container and when I try to run curl or wget I get a 404 error. When I run the wget command on the host everything works (only the docker build doesn't work)
2017-03-12 02:25:49 sad :)
2017-03-12 06:45:32 hi
2017-03-12 06:45:36 hi
2017-03-12 06:45:43 how do i get unbanned on the wiki?
2017-03-12 06:45:55 i tried to edit a discussion page
2017-03-12 06:46:39 and got banned for the reason "New users are not allowed to add ip addresses and phone numbers"
2017-03-12 06:47:05 the edit in question was ": Even after adding subuids and subgids, I get the same error. ~~~~"
2017-03-12 06:47:39 it must have mistaken the dates in ~~~~ for phone numbers
2017-03-12 06:48:43 an anonymous edit or do you have a registered account?
2017-03-12 06:48:52 i just registered
2017-03-12 06:49:09 my nick is the same as here
2017-03-12 06:49:20 i'm not sure where to ask, sorry can't be of much help
2017-03-12 06:50:15 oh
2017-03-12 06:50:28 it says "contact an administrator"
2017-03-12 06:50:59 i figured irc would be a good place to find an administrator
2017-03-12 06:52:14 it doesn't look like anybody's around atm though
2017-03-12 06:52:20 mostly just other users in here
2017-03-12 06:55:11 imv: try again in just more than 24 hours. many are europeans.
2017-03-12 15:05:11 hrrrm, is there any way to bootstrap an ARM install from an x86 box?
2017-03-12 15:06:08 I suppose I could boot the rpi image and go from there
2017-03-12 17:18:13 Klowner: wouldn't running apk with --arch armhf --root $MOUNTPOINT do the trick? or do you need some additional magic to happen there?
2017-03-12 17:33:06 does the alpine rpi dist include binary blobs? i've heard the rpi can't boot without such. is that the case?
2017-03-12 17:51:16 Klowner: If you'd like to test it, my branch of mkimage cross builds images for arm from x86_64. https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage
2017-03-12 18:15:43 ls
2017-03-12 18:15:57 Oops, wrong vt :)
2017-03-12 19:02:23 Hey, which version of x86 is the x86 variant of alpine built for?
2017-03-12 20:12:26 G'd afternoon mmlb.
2017-03-13 02:43:30 probably a lame question, but here you go: has anybody tried the alpine image on vultr? network doesn't seem to come up for me
2017-03-13 03:50:21 so trying out go and I get "go install runtime/internal/sys: open /usr/lib/go/pkg/linux_amd64/runtime/internal/sys.a: permission denied
2017-03-13 03:50:21 " on alpine
2017-03-13 03:50:33 thank you newline
2017-03-13 04:31:23 yeah go is effectively broken on alpine due to -buildmode=pie
2017-03-13 04:31:41 unless you use the sudo hammer
2017-03-13 04:31:53 nwmcsween_: how are you installing go?
2017-03-13 04:31:57 apk
2017-03-13 04:32:22 nwmcsween_: install libc6-compat and try the go tarball from upstream
2017-03-13 09:06:30 hi; is libc.a still readily available somewhere?
2017-03-13 10:27:22 Can anyone tell me where to find the hid-kensington driver in 3.5? :)
2017-03-13 10:36:50 zhasha:
2017-03-13 10:36:52 config-grsec.armhf:# CONFIG_HID_KENSINGTON is not set
2017-03-13 10:36:52 config-grsec.x86:# CONFIG_HID_KENSINGTON is not set
2017-03-13 10:36:52 config-grsec.x86_64:# CONFIG_HID_KENSINGTON is not set
2017-03-13 10:37:09 zhasha: is it enough to enable it for edge only so far?
2017-03-13 10:37:35 I'm completely new to apk but I'm not above installing a kernel from edge 2017-03-13 10:37:38 just need to know how 2017-03-13 10:37:47 i will upgrade the kernels today so i can enable this driver while at it 2017-03-13 10:37:53 Awesome :) 2017-03-13 10:38:02 in aport/main/linux-grsec, there are kernel configs 2017-03-13 10:38:14 edit the config file, abuild checksum && abuild -r 2017-03-13 10:38:21 and it should spit out a kernel package for you 2017-03-13 10:38:34 but i think we should enable this in default kernel 2017-03-13 10:38:51 zhasha: it would be nice if you could file an issue, for the history 2017-03-13 10:39:02 http://bugs.alpinelinux.org/projects/alpine/issues 2017-03-13 10:39:35 then i can include the issue number in commit message so in future, we know why it was added 2017-03-13 10:51:27 I'll get on it 2017-03-13 11:00:39 what kind of input dev is kensington? 2017-03-13 11:03:51 does it make sense to enable this driver for armhf and aarch64? 2017-03-13 11:04:15 it's a trackball 2017-03-13 11:04:23 regular USB trackball 2017-03-13 14:20:12 ncopa: sorry for the slowness http://bugs.alpinelinux.org/issues/7007 2017-03-13 14:20:44 compiling the whole kernel on half the CPU power of a T61 was probably a bad idea 2017-03-13 16:23:10 hello everyone :D 2017-03-13 19:29:51 hi 2017-03-13 21:23:58 Hi there, I wonder if there is any historian around, I would like to understand how Alpine came to being and what is the relation with gentoo-hardened project? Anybody can point me right way? 2017-03-13 21:25:12 gentoo hardened was way before alpine 2017-03-13 21:25:39 like 2003 iirc 2017-03-13 21:26:33 and I think the pax team was originally on it or working with it (don't quote me on that) 2017-03-13 21:34:27 and Alpine was in the beginning something like gentoo overlay? 
2017-03-13 21:38:03 pipacs is running some gentoo, yeah 2017-03-13 21:40:22 saidso: http://git.net/ml/linux.leaf.devel/2005-08/msg00039.html link taken from the alpine wikipedia page 2017-03-13 21:48:59 avih: awesome, good read. So it was gentoo hardened.. I am thinking of transmogrifying gentoo-hardened with the goal that would get me probably close to what Alpine is today. The idea is to retain more control over package compilation and use flags.. Just wonder how can I learn from history of Alpine 2017-03-13 21:49:45 avih: how cool, i never saw that 2017-03-13 21:50:20 googling "alpine linux history" tends to work ;) 2017-03-13 21:50:26 oh so glad we moved away from udev :) 2017-03-13 21:50:35 avih: :) never figured it went back that long 2017-03-13 21:52:08 the issue with gentoo is it's a pain 2017-03-13 21:52:22 ^ 2017-03-13 21:52:53 if there was some sort of integration tests to make sure stuff didn't break all the time it might not be so bad 2017-03-13 21:53:22 nwmcsween_: linker errors are "fun" though!!!111!! 2017-03-13 21:55:17 nwmcsween_: yes, gentoo can be a pain, that is why I look into Alpine now 2017-03-13 21:57:33 I like the way how USE FLAGS work in gentoo, is there something similar in Alpine universe? 
(did some reading but not enough yet) 2017-03-13 21:58:11 no, if you want something like that and to be binary it would need a new distro 2017-03-13 21:58:42 prob using a bsdiff or something 2017-03-13 21:59:28 USE FLAGS are basically the reason why gentoo is a pain :) 2017-03-13 22:00:19 but it is handy sometimes when you don't want to pull in a huge dep chain 2017-03-13 22:01:02 yes, ideally there would be better solutions to that though 2017-03-13 22:01:16 like a stub lib that "provides foo" 2017-03-13 22:04:35 dalias: they can be double sided sword for sure, though I am not aware of any other way than LFS that would give you similar control/granularity of code running on your box 2017-03-13 22:05:50 it gets really complicated fast though, does stub lib provide 100% of the same api, same effects? 2017-03-13 22:06:11 I wanted to do it for automatically generating 'alternatives' 2017-03-13 22:07:25 e.g libev libevent compat api 2017-03-13 22:09:59 saidso, indeed; the granularity is what makes it a pain though 2017-03-13 22:10:54 and in some sense, i'd say you have more "control of the code running on your box" when you can prove (reproducible builds) that it matches what everyone else is getting rather than when it has the most trivial customizations 2017-03-13 22:11:27 because in the latter case it's actually hard to know if bugs or backdoors specific to your own build got baked in 2017-03-13 22:11:45 true, but you are outside of monoculture 2017-03-13 22:12:02 it probably makes packaging a much bigger effort, but from a user's perspective the flags could be arranged hierarchically, for example, to make it a bit clearer 2017-03-13 22:13:41 reproducibility is a definitely a problem in a system of the level of granularity Gentoo has it 2017-03-13 22:14:02 can you really do more than just verify you're getting the same _source_ than the others... 
2017-03-13 22:15:55 yes you could record compiler flags, version, etc, turn off timestamps, etc and hash the resulting output 2017-03-13 22:17:00 you could but if you think about the number of use flags in gentoo for example... okay, admittedly not every single flag applies to every single ebuild, but the amount of combinations would still be huge 2017-03-13 22:17:07 somewhat like bitcoin 2017-03-13 22:17:29 it would be vulnerable to a majority attack 2017-03-13 22:18:26 gentoo bins already does that though 2017-03-13 22:18:55 it records the use flags when creating binaries to ensure it can be installed 2017-03-13 22:26:10 thanks for ideas, I am still evaluating my requirements. What is the opinion on SELinux in Alpine community? 2017-03-13 22:28:16 can you actually use selinux and grsec? 2017-03-13 22:29:29 nothing stops you from using selinux, but using the two simultaneously is probably not worth the effort, and might even be impossible 2017-03-13 22:29:43 as a sidenote, I only speak for myself 2017-03-13 22:30:09 grsec has rbac or rsbac or something 2017-03-13 22:30:18 the advantage of selinux would be that you have plenty of resources for policies 2017-03-13 22:30:46 TBB: ok, I was using SELinux before, but not much experience with grsec config 2017-03-13 22:31:09 but the origin of selinux is what makes some people allergic, possibly for a reason 2017-03-13 22:31:24 TBB: yup, aware of that :D 2017-03-13 22:32:10 but grsecurity is nice, very nice. it will require a considerable amount of effort to use effectively, but it does a _lot_ 2017-03-13 22:33:20 grsec and selinux are somewhat different, grsec rsbac and selinux are comparable 2017-03-13 22:33:30 err grsec rbac 2017-03-13 22:33:34 https://www.grsecurity.net/compare.php 2017-03-13 22:34:05 yes selinux is MAC only 2017-03-13 22:34:17 grsec has rbac but it isn't used in alpine 2017-03-13 22:34:24 it indeed does a lot.. sounds I will learn something new. 
2017-03-13 22:38:12 kspp will eventually catch up to grsec in some form 2017-03-13 22:38:33 does alpine keep getting grsec patches? 2017-03-13 22:39:15 unstables ones 2017-03-13 22:40:05 TBB: "but grsecurity is nice, very nice. it will require a considerable amount of effort to use effectively, but it does a _lot_" I beg to disagree 2017-03-13 22:40:23 but maybe you're talking about RBAC 2017-03-13 22:42:05 so alpine doesn't have some deal with grsec over stable patches? 2017-03-13 22:42:14 it runs unstable? 2017-03-13 22:42:29 yes 2017-03-13 22:43:32 nwmcsween_: if alpine was getting stable patches, everyone could simply rip them off ;) 2017-03-13 22:44:10 they offered stable patches to previous users for free iirc 2017-03-13 22:44:26 *sponsors 2017-03-13 22:58:54 very interesting, was not aware of testing/sponsors grsec. Read up little bit about it https://lwn.net/Articles/313621/... so is it actually good idea to run Alpine with grsec testing patches on production infrastructure? 2017-03-13 22:59:26 or is Vanilla Alpine considered more stable? 2017-03-13 23:00:18 (Vanilla Kernel Alpine) 2017-03-13 23:01:17 do you trust unstable patch bombs? 2017-03-13 23:01:38 (basically what grsec does) 2017-03-13 23:04:56 oh lol 2017-03-13 23:05:11 nope, but I got that SECURITY is a feature of Alpine based on https://www.alpinelinux.org/about/ and it says (while reading carefully) that having "unstable patch bombs" is an advantage.. while being rock-solid... 2017-03-13 23:05:20 armchair sec discussion 2017-03-13 23:06:10 darkfader: hhhh just exploration 2017-03-13 23:06:22 you can ask "has any of you ever experienced any negative outcome of having unstable grsec patches, ever" 2017-03-13 23:06:25 try that 2017-03-13 23:06:52 nope, never 2017-03-13 23:06:59 then it's fine 2017-03-13 23:07:03 (for years) 2017-03-13 23:10:12 alright.. fair question.. 
empirical answer 2017-03-13 23:10:47 jvoisin: +1 2017-03-13 23:53:45 plus, if there's a grsec (or other kernel) issue, then it's likely to be detected while on edge, and handled before it turns into stable. 2017-03-13 23:54:23 this probably applies to any issue in general, but just applies to grsec too. 2017-03-14 00:27:05 sry, i had a long disconnect 2017-03-14 00:27:14 one thing i wanted to add 2017-03-14 00:27:38 since the default is to use grsec, you don't end up as a fringe user for having a security component active 2017-03-14 00:27:47 that's what makes detection of issues likely 2017-03-14 00:27:54 and also helps in general 2017-03-14 00:28:16 no one will suggest "turn it off" like people do for selinux if you ask in the wrong place 2017-03-14 00:28:37 people might ask you to boot into vanilla to verify if something is a grsec issue 2017-03-14 00:28:52 but no one expects you to turn it off to make their thinking easier 2017-03-14 00:29:02 and that's a nice thing 2017-03-14 00:29:19 the fact that you need to change how the system boots is good iMO 2017-03-14 00:29:21 IMO* 2017-03-14 08:20:16 Hello everyone :) 2017-03-14 13:46:30 arrrgh, invalid opcode is back 2017-03-14 13:49:26 I've had to roll my own version of hplip as the one in testing is basically featureless... 
the last time I did this was about one year ago and I hit the same issue but was able to get past it by changing compiler optimization settings 2017-03-14 13:49:56 well, that fix was only temporary, it seems; one .so seems to trigger an invalid opcode trap 2017-03-14 13:51:49 at least I can never complain that my job doesn't allow me to keep learning about things, I guess :) 2017-03-14 14:43:01 seems many places online seem to attribute that specific problem to intel bugs fixable with firmware updates, but somehow I doubt that's the explanation in this case 2017-03-14 14:46:10 Seems more likely that they hand rolled some asm without checking if the processor supports it properly 2017-03-14 14:46:52 maybe made it contingent on some #define that doesn't actually cover it 2017-03-14 14:48:14 that would make sense, but that unfortunately goes beyond my skillset; I'm the kind of guy who refuses to learn C knowing he'd only shoot himself and several others in the foot by coding C for a living :) 2017-03-14 14:48:53 however, I've got a guy or two in my team who should be capable of investigating that possibility 2017-03-14 14:57:24 TBB: even more likely (provided Alpine compiles with stack-protector) is that it's intentional and it's catching a bug 2017-03-14 17:04:42 how do I recall a command from the history !233 for example doesnt work but thats for bash 2017-03-14 17:10:38 Has anyone ever managed to install 3.5 onto Hyper-V? 2017-03-14 17:10:45 By any chance... 2017-03-14 17:44:30 zhasha: I thought about that but I have the feeling that if SSP for example catches it then the error will be something else. but I'll have to dig deeper into this tomorrow. Thanks for the ideas :) 2017-03-14 17:46:10 configuration error in go package: /usr/lib/go/pkg/tool/linux_amd64/pprof exists, but go tool pprof fails to find it 2017-03-14 17:46:16 is there a best practice for settings for the kernel for running docker containers somewhere? 
2017-03-14 17:46:45 i know grsec interferes with things in strange ways 2017-03-14 20:09:46 hi@all 2017-03-14 20:10:05 i've upgraded a machine from 3.4 to 3.5 2017-03-14 20:10:12 update runs without any problems 2017-03-14 20:10:23 but after reboot lvm is not working 2017-03-14 20:10:57 http://sprunge.us/RBfS 2017-03-14 20:11:00 any ideas? 2017-03-14 20:12:40 yes 2017-03-14 20:13:39 not on Alpine at the moment, but it's a device mapper related problem - you've lost one device-mapper package in upgrade (happens by itself) 2017-03-14 20:13:53 and that results in an incomplete initramfs 2017-03-14 20:14:28 which means? 2017-03-14 20:15:01 I don't remember what the exact packages are but in your package database there are packages like device-mapper, device-mapper-libs, device-mapper-event-libs and such 2017-03-14 20:15:18 the upgrade causes one of them to be missing -> bang 2017-03-14 20:15:27 :-( 2017-03-14 20:16:06 so it takes booting with the old kernel+initramfs or boot media, chrooting in and fixing that 2017-03-14 20:16:45 argh... 2017-03-14 20:17:09 sounds very bad 2017-03-14 20:17:31 it's not that bad; at least I, when starting with Alpine, had to do that all the time :) 2017-03-14 20:17:39 TBB: is the old kernel still there after such update? 2017-03-14 20:17:47 the machine is about 200km away, so i have only ssh access 2017-03-14 20:17:52 (using default procedures) 2017-03-14 20:18:29 avih - as far as I know Alpine's kernel upgrade doesn't cause an operation like cp /boot/vmlinuz-grsec /boot/vmlinuz-grsec.old 2017-03-14 20:19:00 that could be useful in general IMO. i.e. to allow booting with the previous kernel after a kernel update. 2017-03-14 20:19:19 so basically before you perform a kernel upgrade it's a good idea to do that manually... it could be useful to have the upgrade perform that 2017-03-14 20:19:22 so i do not have any chance to fix this remotely? 2017-03-14 20:19:51 StarWarsFan: is it a vps? does it provide direct terminal access? 
can you ssh into it? 2017-03-14 20:20:15 as i said, i have only ssh to this box 2017-03-14 20:20:23 and does it work now? 2017-03-14 20:20:28 yes 2017-03-14 20:20:40 i'm on it and missing my lvm... ;-) 2017-03-14 20:21:28 I wonder if you could get the device-mapper* apks there and install them to the early filesystem 2017-03-14 20:21:31 If you're in, you should be able to install the required packages, run update-kernel, and be good. 2017-03-14 20:22:24 so the first step would be to determine which packages are required... 2017-03-14 20:23:31 device-mapper, device-mapper-libs, device-mapper-event-libs 2017-03-14 20:24:25 [x] done 2017-03-14 20:24:34 and now update-kernel? 2017-03-14 20:25:20 # update-kernel ~ 2017-03-14 20:25:20 update-kernel: Module loopback device not mounted 2017-03-14 20:25:20 # 2017-03-14 20:25:20 I would personally just activate the vg, mount the root to /sysroot and ctrl-D 2017-03-14 20:25:48 dunno how complicated your partitioning scheme is 2017-03-14 20:26:15 encrypted setup? 2017-03-14 20:26:38 that is, lvm-on-luks? 2017-03-14 20:26:48 no, nothing encrypted 2017-03-14 20:27:11 okay, then you could just try lvm vgchange -a y and see if your logical volumes appear to /dev/mapper 2017-03-14 20:28:10 great! works again 2017-03-14 20:28:15 everything's fine 2017-03-14 20:28:19 thx a lot guys 2017-03-14 20:28:20 o> 2017-03-14 20:29:10 now remember to install those packages again :) 2017-03-14 20:29:46 did a lot of updates but this was the first one with this problem... 2017-03-14 20:30:37 yeh, I had it happen at work; I have a couple of guys using Alpine exclusively for their work so I had to make sure the upgrade works before letting them do the same 2017-03-14 20:45:31 hum... what do you guys think, am I wasting my time learning Vala? 
2017-03-14 20:46:42 yes 2017-03-14 20:46:45 vala is a dead language 2017-03-14 20:46:51 their own devs even say the same 2017-03-14 20:51:13 +1 2017-03-14 20:51:54 Vala was always dead 2017-03-14 20:51:55 even if it wasn't dead, it's only gnome. what good is that? 2017-03-14 20:53:19 Consider that the reason it exists is because someone wrote a C ecosystem that's too painful to use for mortals 2017-03-14 21:03:44 I consider C too painful to use for mortals :) 2017-03-14 21:04:29 I don't mind shooting myself in the foot, but other people's feet... *shrug* don't know, it seemed like a fairly decent language as such 2017-03-14 21:12:36 TBB: start with c. it's a very very good base to have. and it's actually a rather simple language on its own. 2017-03-14 21:14:28 probably easier to learn than most modern languages out there, since modern languages have tons of implicit stuff which you need to wrap your head around 2017-03-14 21:15:06 in c everything is explicit. and the language and its feature set are quite limited. it's relly a good base. 2017-03-14 21:15:17 +a 2017-03-14 21:20:25 no 2017-03-14 21:21:05 I've had enough of C already, and since every day I witness what kind of garbage needs constant fixing just because of C being what it is, I'll never support it in the form of writing it 2017-03-14 21:22:08 although, that statement does put my two-day effort to figure out Vala somewhat strange :D 2017-03-14 21:22:19 it's not about how complex it is to maintain a complex project. it's about how simple it is to learn _programming_ . once you have a useful grasp of programing, then you can move to different languages 2017-03-14 21:22:37 oh, I know programming allright, I just find C repulsive 2017-03-14 21:23:37 yet I need to add something useful for system level programming into my repertoire 2017-03-14 22:17:11 is apk-tools a front-end or is it the pkg manager? 
2017-03-14 22:39:20 ericnoan▸ are you asking whether there's some other thing running other than apk (presumably like yum->rpm ?) 2017-03-14 22:55:10 yes, like apt-get is a front-end to dpkg 2017-03-14 22:56:03 ericnoan: apk is the lowest level afaik 2017-03-14 22:56:28 apk-tools-static is best to keep around if you go into some risk period, like fixing things in a chroot or for cross-versions upgrades 2017-03-14 22:56:38 that's why it's also just different package 2017-03-14 22:56:57 but apk does all stuff i think, and it shows - as in: less race conditions 2017-03-14 22:57:12 ok thx. is alpine intended to be used on the desktop? 2017-03-14 22:57:34 intended is stretching it? you can do it, if you like it, and it'll be ok 2017-03-14 22:57:35 or rather, is it suitable? 2017-03-14 22:57:46 i'd not 2017-03-14 22:58:12 so its more intended for servers and embedded systems? 2017-03-14 22:58:14 but i long gave in and use a macbook to just have sane default instead of choice 2017-03-14 22:58:47 it is excellent for embedded/networking and great for servers, unless you need to run say SAP 2017-03-14 22:59:10 desktop is okish but no more comfy than any strict unix-like distro 2017-03-14 22:59:36 i mean, all i need is xfce 2017-03-14 22:59:39 so think of a bit easier to handle than openbsd, but no fedora 2017-03-14 22:59:41 yeah 2017-03-14 22:59:46 then you'll be ok i think 2017-03-14 22:59:59 it doesn't work if one can't setup a menu item 2017-03-14 23:00:15 anyone here use alpine on the desktop? 2017-03-14 23:00:15 and if one knows how to do set up a desktop for real then it's fine and fucking fast. 2017-03-14 23:01:55 well... no xfce package 2017-03-14 23:08:43 ericnoan: i have a desktop setup with xfce, but in a vm so not full time and no need for gpu drivers, since i mostly use it with forwarded x. it's as decent as i expect an xfce desktop to be. i.e. perfectly fine. 
2017-03-14 23:09:43 ok thx 2017-03-14 23:12:17 only issue, which is not limited to desktop, is that due to missing glibc, some packages which mostly distribute as binaries are likely to not work due to expecting glibc but getting musl. like vscode. but if you can build it yourself then it would be fine 2017-03-14 23:13:10 (and alpine is a perfectly fine build env) 2017-03-14 23:13:48 i'd love to have a well-engineered approach to be able to run glibc-linked stuff 2017-03-14 23:13:58 +1 2017-03-14 23:14:34 i suspect it'd work to build glibc with a custom --prefix and put it and some libs there 2017-03-14 23:14:39 and just ld-linux in /lib 2017-03-14 23:15:01 if the ld-linux was configured for the custom --prefix it should look for config files, libs there 2017-03-14 23:16:58 i think the current approach to that is using docker and effectively installing a big chunk of ubuntu for that. i don't really like this approach TBH (and regardless, couldn't get it to work, but that's probably my fault somehow) 2017-03-14 23:18:17 also, i'm guessing steam falls into this category too. 2017-03-14 23:20:15 dalias: would somehow building glibc (and deps), putting it in a dedicated dir and using LD_LIBRARY_PATH suffice? 2017-03-14 23:24:45 avih, no 2017-03-14 23:24:59 the key point is that you have a different ldso 2017-03-14 23:25:18 ok, i need to google ldso :) 2017-03-14 23:25:35 also LD_LIBRARY_PATH would break if it runs any subprocesses using other programs linked to the system libc 2017-03-14 23:26:42 right. 2017-03-14 23:27:51 though, i thought one of musl's goals was to allow static linking. so i'm guessing alpine doesn't use static linking with libc? 
2017-03-14 23:28:05 you can static-link programs 2017-03-14 23:28:12 but for a distro you don't want to do most 2017-03-14 23:28:20 s/allow/promote or make easier or more viable/ 2017-03-14 23:28:34 it is easy 2017-03-14 23:28:39 but doesn't make sense for distro packages 2017-03-14 23:28:50 fixing bugs in dependencies is more work for the distro 2017-03-14 23:28:59 yeah 2017-03-14 23:29:03 and if you install a nontrivial amount of stuff it will use a lot more disk/ram 2017-03-14 23:29:37 how much overhead would static linking add to, say, some core utils programs? 2017-03-14 23:30:09 avih: define some :) 2017-03-14 23:30:38 some programs have negative overhead from static linking 2017-03-14 23:31:04 let's say ls for starters :) 2017-03-14 23:31:19 asymptotically (as you add lots of programs and attain near-full coverage for libc) dynamic linking saves 2017-03-14 23:31:28 for most individual programs, static linking saves a lot 2017-03-14 23:32:39 so on very rough average (and ignoring a big stddev). static linking adds (to the executable), say, 10% ? 2017-03-14 23:32:55 no, you can't generalize this 2017-03-14 23:33:25 if all your programs are shit probably dynamic linking saves you something 2017-03-14 23:33:25 for a given executable, static linking is much smaller than the executable + libs 2017-03-14 23:33:42 yes, for sure. 
2017-03-14 23:33:43 if your programs are generally high quality and *never* using horrible bloated shit libraries, then static linking should be just fine 2017-03-14 23:34:16 hiro, i wouldn't say that 2017-03-14 23:34:30 there are non-bloated, non-shit things that fundamentally have nontrivial size 2017-03-14 23:34:35 for instance iconv() 2017-03-14 23:35:16 dalias: there are only two valid encodings and they need no iconv 2017-03-14 23:35:20 dalias: ascii 2017-03-14 23:35:22 musl takes the approach that if you static link, you actually _want_ the binary to work anywhere, without depending on other library/data files in the filesystem, so all the tables needed to convert are there 2017-03-14 23:35:22 dalias: utf-8 2017-03-14 23:35:36 hiro, that doesn't really work if you want to read email/web/etc. 2017-03-14 23:36:03 dalias: then run *one* statically linked program on all of your data that comes from horrible people and converts it into utf-8 2017-03-14 23:36:04 email will be in whatever encoding the sender's MUA chose 2017-03-14 23:36:20 yes but now you're back to the same limitations of dynamic linking 2017-03-14 23:36:26 dalias: this means there will be only one program using your code, so there's no sense in making a dynamic library for it 2017-03-14 23:36:29 depending on an ecosystem of installed files 2017-03-14 23:36:32 rather than a single program file 2017-03-14 23:37:22 ecosystem? 2017-03-14 23:37:38 dalias: so if i statically link a program with musl, it ends up depending only on the linux kernel, and as such would likely run on other distros with same arch? 2017-03-14 23:39:08 debian 2017-03-14 23:39:08 $ ls -l `which ls` 2017-03-14 23:39:09 -rwxr-xr-x 1 root root 114032 Jan 26 2013 /bin/ls 2017-03-14 23:39:19 proper statically linked OS 2017-03-14 23:39:20 % ls -l /bin/ls 2017-03-14 23:39:20 --rwxrwxr-x M 274 glenda sys 87050 Feb 13 21:19 /bin/ls 2017-03-14 23:39:39 even the DYNAMIC binary is bigger than the statically linked binary. 
2017-03-14 23:39:46 without counting any of the libs 2017-03-14 23:47:13 sbase's ls on alpine is 22k. alpine's ls is 120k 2017-03-14 23:47:37 though initially i guess it's busybox's ls 2017-03-14 23:48:06 (i do have coreutils installed) 2017-03-14 23:51:03 in practice few people care about size anyway, so for them dynamic linking also makes no sense, they just want their shit to work no matter what. 2017-03-14 23:51:46 you might not care about size per app, but static linking also means updating all bins when libc updates 2017-03-14 23:51:48 and the few that care *a real big deal* about size would benefit from a hand-woven high-quality userland (ecosystem) with no big dependencies. 2017-03-14 23:52:19 static linking also means that all bins don't suddenly break because one lib got updated. 2017-03-14 23:52:27 true 2017-03-14 23:52:45 people pretend way too often that updating shit is the prime directive 2017-03-14 23:53:05 sometimes not updating is *just fine*. 2017-03-14 23:53:16 these days less so 2017-03-14 23:53:21 considering the rate of new VCE's, updating _is_ important 2017-03-14 23:53:31 CVE* 2017-03-14 23:53:36 almost any sw facing data from outside sources has multiple serious vulns if it's out of date :( 2017-03-14 23:53:49 avih: if you care about security you'll just run less software 2017-03-14 23:53:59 avih: which makes updating possible in the first place. 2017-03-14 23:54:11 hiro: that's one approach, but many times it's not really applicable 2017-03-14 23:54:23 avih: if it becomes too many dynamic linking won't help at all, because shit breaks *always* once you reach this complexity. 2017-03-14 23:54:55 i don't disagree. i just see both sides. though i don't have the background to weight them against each other 2017-03-14 23:55:02 avih: of course the typical apt-get install secure-wordpress doesn't work in any viable way 2017-03-14 23:55:29 avih: and that's completely orthogonal to static linking. 
2017-03-14 23:56:06 it is, but i said static linking requires bigger updates, wrt to your statement that size doesn't matter much 2017-03-14 23:56:28 almost any sw facing data from outside sources has multiple serious vulns even if it's not out of date. 2017-03-14 23:56:36 having a cve is not a requirement for being shit software. 2017-03-14 23:56:46 hiro, the difference is the # of parties who know the vuln 2017-03-14 23:57:04 nobody's going to blow a 0day on "random user hiro" 2017-03-14 23:57:21 they're going to sell it or save it for use on a serious target 2017-03-14 23:57:21 someone might :) 2017-03-15 00:00:30 dalias: true, there's a good reason to avoid such with known vulnerabilities. 2017-03-15 00:01:16 dalias: i'm just saying that with careful preselection you can minimize the risk of ever having to update because of such a vulnerability getting found considerably 2017-03-15 00:01:29 dalias: that's why i brought up wordpress as an example 2017-03-15 00:01:50 dalias: i don't think anybody on this world gains an advantage if wordpress is easier, faster, cheaper to install 2017-03-15 00:02:15 dalias: i wish it would be all statically linked, yes. 2017-03-15 00:02:25 dalias: because then people can see the *real costs* much more trivially 2017-03-15 00:03:11 dalias: this then *painful* size might warn them in time how much time it will cost them in the future to maintain, update, bugfix the update, etc. 2017-03-15 00:04:07 dalias: one more guy choosing a less horrible web framework might already make it worth all the other guys having more time for drinking coffee during the upgrade 2017-03-15 00:08:28 but the main reason i dislike dynamic linking is not because of the incentive it gives to people to be reasonable, but because of the needless complexity it brings to all programs 2017-03-15 02:01:05 hey. I've always known alpine as the docker operating system, I wasn't aware that it was even really able to be ran on bare metal. 
Then I learned you guys don't use glibc. Then I learned you guys ship grsec kernels. I'm really interested in using this instead of pfsense as my router. 2017-03-15 02:01:24 What's the difference between linux-grsec and linux-virtgrsec? 2017-03-15 02:02:20 On the downloads page, is the Xen image meant to be ran paravirtualized, or is it meant to be used as a dom0? 2017-03-15 02:11:16 n11cky: well 2017-03-15 02:11:30 n11cky: grsec is on its way out, because of various reasons (we will keep pax though) 2017-03-15 02:11:43 n11cky: the virtgrsec is for VMs 2017-03-15 02:11:53 n11cky: and, the xen image is a boot to dom0 livecd 2017-03-15 02:12:18 Aww, too bad to hear that. What's the main reason? 2017-03-15 02:12:51 Are the PaX patches still distributed by anyone except the guy who maintains grsecurity? you guys might have to manually decouple that 2017-03-15 02:13:07 n11cky: they are separately available 2017-03-15 02:13:30 n11cky: we only really use PaX features of grsec kernels anyway, and plan to use AppArmor as a replacement for the non-pax features 2017-03-15 02:13:48 n11cky: allowing us to simplify between "pax or not" versus "giant grsec blob of patching or not" 2017-03-15 02:14:46 that's completely reasonable. 
2017-03-15 02:14:50 n11cky: the reality is we are not even shipping grsec kernels today -- we basically have forked grsec due to the availability situation and it's not really sustainable 2017-03-15 02:15:11 i run grsec kernels on a couple of boxes, i can only imagine the constraints you guys have maintaining a distribution with it 2017-03-15 02:15:14 note the website refers to "grsec", not "grsecurity" 2017-03-15 02:15:56 we also want to do things with pax, that spender do not care about 2017-03-15 02:16:25 so the reality is something like 2017-03-15 02:16:34 we basically are owning the fact that we forked grsec anyway 2017-03-15 02:16:40 and are going to redo it properly 2017-03-15 02:16:48 in a way that is more suitable to the distribution 2017-03-15 02:17:10 and allowing us to share hardening between PaX and non-PaX kernels (via apparmor) 2017-03-15 02:17:29 as for what we want to do with PaX 2017-03-15 02:17:48 we want to be able to apply PaX restrictions to specific cgroups (or remove them from specific cgroups) 2017-03-15 02:18:22 thus allowing for things like 2017-03-15 02:18:31 lxd/docker/whatever containers that have PaX or not 2017-03-15 02:19:43 to accomplish that, we basically have to do something better than what we are doing with the 'grsec' kernels right now :) 2017-03-15 02:20:11 it's unfortunate that grsec patches kind of... get in the way of newer kernel features. 2017-03-15 02:20:26 grsec is really obsolete these days 2017-03-15 02:20:30 particularly with containers. 
2017-03-15 02:20:39 the reason why people buy the grsecurity patchset is really to fund PaX 2017-03-15 02:20:52 well ever since he decided to close the source up i just feel like things really took a turn for the worse 2017-03-15 02:21:11 grsecurity has always been obsolete since linus decided he didn't want to merge it 2017-03-15 02:21:31 and really, it was dead when they decided they didn't want to try to merge any parts of it individually and decided it had to be all or nothing 2017-03-15 02:21:33 i wonder how much of the grsecurity revenue the PaX guy gets 2017-03-15 02:21:45 maybe someone in the alpine ecosystem should give the PaX guy a job 2017-03-15 02:22:07 ;) 2017-03-15 02:22:27 haha, i hope someone does! 2017-03-15 02:22:43 where is PaX? 2017-03-15 02:22:56 I don't even see him in my backscroll 2017-03-15 02:23:17 PaX is a kernel patch that is included in grsecurity 2017-03-15 02:23:29 maintained by an anonymous person called "the PaX team" 2017-03-15 02:23:51 https://www.grsecurity.net/~paxguy1/?C=M;O=D 2017-03-15 02:23:52 it is possible to get PaX separate from grsecurity though 2017-03-15 02:23:52 paxguy1 2017-03-15 02:25:28 beyond that, the grsec kernels distract from a lot of the other hardening we do in alpine 2017-03-15 02:25:42 so we would like to highlight the fact that it's really a holistic approach 2017-03-15 02:25:58 PaX + fortify + PIE, and soon AppArmor 2017-03-15 02:28:07 wow this is awesome 2017-03-15 02:28:13 http://git.2f30.org/fortify-headers/file/README.html 2017-03-15 02:28:59 I had never heard of this. What an awesome idea 2017-03-15 02:29:47 hello. 2017-03-15 02:30:55 I updated a package in testing, now I just need to send a pull request to aports? 2017-03-15 02:32:59 kaniini : wow. Thank you for shedding some light on this matter ! 
2017-03-15 02:33:31 kaniini : from the beginning of my Alpine experience I just thought Alpine takes all grsecurity patches 2017-03-15 02:34:29 kaniini : so, PaX + fortify headers + PIE + AppArmor + something else would be the new "grsec", you say ? 2017-03-15 02:36:37 tmh1999: the grsec patches rely on PaX, and I believe you guys already have fortify in your kernel. PIE isn't in-kernel. 2017-03-15 02:37:24 so it wouldn't be the "new" grsec, but they'd be removing some features of the grsec patches that aren't used so that they can enable some features that grsecurity doesn't currently include and/or doesn't turn on 2017-03-15 02:38:03 AppArmor is to be added to replace some of the features that removing grsecurity patches would produce. 2017-03-15 02:38:49 though that's really not a one-to-one type mapping at all 2017-03-15 02:39:08 kaniini: i'm curious, what pushes you guys towards apparmor versus selinux? 2017-03-15 02:39:34 not that I don't understand what you're going after. selinux policy is in a sorry state anywhere that isn't RHEL/Fedora/CentOS 2017-03-15 02:41:05 i wish i knew a bit more about apparmor, i don't feel like I know much at all about it. I know it's path based 2017-03-15 02:41:21 how does that play out when you're doing something with overlayfs / etc? 2017-03-15 02:47:40 n11cky : if I am not wrong fortify is a separated package in Alpine. Well, by "new grsec" I mean, PaX feature taken from grsecurity (or grsec???), + fortify + AppArmor. 2017-03-15 02:47:54 n11cky : Is it even correct ? 2017-03-15 02:50:07 tmh1999: you're definitely right that fortify isn't in the kernel 2017-03-15 02:50:21 yeah that's all correct 2017-03-15 02:51:30 n11cky : Thank you ! 2017-03-15 02:51:43 does alpine ship eudev or udev by default? 2017-03-15 02:51:50 i see that you package both! 2017-03-15 02:53:07 ahh nevermind, eudev for both. 2017-03-15 02:54:14 so grsec is going closed source? 
2017-03-15 02:58:05 nwmcsween_: https://lwn.net/Articles/655721/ 2017-03-15 03:13:12 n11cky: apparmor is simpler 2017-03-15 03:14:04 n11cky: notably, it does not have to do with labeling everything in the FS :P 2017-03-15 03:14:57 grrrkit: yes, absolutely that is a way to go 2017-03-15 03:15:45 n11cky: as for overlayfs -- i think it is fine, because it is based on pathname 2017-03-15 03:21:59 tmh1999: the goal is to wind up at two primary kernel packages (and two virt derivatives), -hardened (and -hardened-virt) / -vanilla (and -virt) 2017-03-15 03:22:45 kaniini : yeah -hardened is what I mean "new grsec" 2017-03-15 03:23:03 tmh1999: -hardened will start as PaX + Yama + AppArmor (-vanilla is already Yama and soon AppArmor) 2017-03-15 03:24:22 tmh1999: once -hardened is ready, it will provides=linux-grsec 2017-03-15 03:24:46 so apk upgrade --available will upgrade you to hardened kernel from grsec (which is different than what spender ships) 2017-03-15 03:25:13 kaniini : I see 2017-03-15 03:27:08 in future, some kernel based on spender's test patches may be also available in community or such repo 2017-03-15 03:27:22 kaniini : I should have known vanilla comes with Yama, so I would have submitted config-vanilla.s390x with Yama yesterday ... 2017-03-15 03:27:32 it's a recent change for 3.6 2017-03-15 03:28:32 the overall goal is to enable the same security features for userspace across all kernel options 2017-03-15 03:28:37 so 2017-03-15 03:28:49 userspace -- PIE, fortify, AppArmor, Yama 2017-03-15 03:29:09 kernelspace -- maybe kASLR on vanilla, PaX on hardened 2017-03-15 03:30:12 in future for the hardened kernel, we would want to have cgroup-level control of PaX features since PaX itself does effect userspace too 2017-03-15 03:30:27 that's basically it for future plans right now 2017-03-15 03:30:33 cool, is there any way/start point I can start to contribute on it ? 
2017-03-15 03:30:55 well, right now for 3.6 i hope to have this grsec transition sorted 2017-03-15 03:31:04 once that is done, then we can work on the cgroups integration for pax 2017-03-15 03:31:34 there's other things we need to solve too, like keeping kernel configs in sync across variants 2017-03-15 03:32:16 the hardened kernel profile should have the same drivers/features as vanilla, the only difference should be PaX 2017-03-15 03:33:00 I see 2017-03-15 03:33:20 well I am on s390x arch, so I will try to keep it in sync 2017-03-15 03:35:09 that leads me to the other major change i am trying to get done -- allowing proper team maintenance of core packages such as the kernel 2017-03-15 03:35:10 ;) 2017-03-15 03:37:49 I also concern about it. I was expressing about having s390x packages to be available on Alpine repo alongside x86, x86_64, aarch64, armhf 2017-03-15 03:38:22 I understand that letting me build the packages and put it on the repo is a major change since I am not even close to the core team 2017-03-15 03:39:03 I would love to hear from Alpine core team, ncopa has access to s390x VM so he could build s390x packages 2017-03-15 03:39:27 so for now it would be great if he does so and put packages online 2017-03-15 03:39:32 guess too much work for him 2017-03-15 03:40:02 in the meanwhile I am trying to build all s390x packages on main, given that base packages are all good (gcc, musl, go, openjdk, python, ruby, etc.) 
2017-03-15 03:40:14 patches are being submitted for review 2017-03-15 03:55:59 it really comes down to whether or not you want to be the architecture maintainer for alpine/s390x 2017-03-15 03:56:58 if you do, then in general, i don't think there is any objection to that -- it's a new architecture and it is best to have someone with domain expertise maintaining it 2017-03-15 03:57:51 tmh1999: so really, it comes down to what you want to do :) 2017-03-15 03:58:39 tmh1999: if that is what you want to do, then it is just a matter of going through the appropriate steps with the infrastructure team to give upload rights for your builder(s) 2017-03-15 04:00:37 beyond that -- in general -- i am of the opinion that someone with demonstrated domain expertise concerning alpine on a specific architecture (such as the primary porter of said architecture) should likely be on the core team *anyway* 2017-03-15 04:01:24 a core team which represents all stakeholders is most effective 2017-03-15 04:02:26 kaniini : I am committed to maintain alpine/s390 2017-03-15 04:03:09 as you said, I should have shown expertise on s390x arch 2017-03-15 04:03:13 then the next step is to build an image + repo somewhere accessible with apk-tools 2017-03-15 04:03:20 i believe you already have that though 2017-03-15 04:03:38 I already have a repo. 
An image is in progress 2017-03-15 04:03:44 so it's just a matter of getting the builder hooked up and uploading the master archive 2017-03-15 04:04:04 clandmeter should be able to facilitate that 2017-03-15 04:04:48 thanks, I will try to get most packages online (properly patched) this week 2017-03-15 04:04:52 :) 2017-03-15 04:05:21 even if we ultimately do not cut a s390x release for 3.6, having it in edge is reasonable as a starting point 2017-03-15 04:05:29 but there's plenty of time to get that sorted 2017-03-15 04:05:59 yes, being in edge asap is my primary goal 2017-03-15 04:06:38 I hope if s390x lands on 3.6 without an image, it would be acceptable since aarch64 also follows that path 2017-03-15 04:07:07 tbh I am pretty novice on that matter (mkinitfs, scripts/mkimage, etc.) 2017-03-15 04:07:15 but I am picking it up 2017-03-15 04:11:25 i think in general, s390x just needs a filesystem image since the kernel and ramdisk are supplied directly to the VM layer 2017-03-15 04:14:15 yes, s390x does not need full fledge ISO image. I run mkinitfs to create a ramdisk on a chroot, use it with the kernel to boot in KVM, and currently fails. Trying to figure it out. 2017-03-15 04:24:49 mkimage part isnt needed then :) 2017-03-15 04:26:35 er Working on it. 2017-03-15 04:58:58 tmh1999: are all appropriate devices existent/ 2017-03-15 05:11:22 kaniini: mkimage doesn't just build the image itself now, it also handles building the initramfs, sorting the firmware and modules, etc, that update-kernel otherwise would provide. 2017-03-15 05:13:23 kaniini: In other words, it can build a FS layout for any rootfs content you want. 2017-03-15 05:15:16 kaniini : All that should be needed to support a new arch as far as mkimage is concerned is the arch and which imagetype to generate. 2017-03-15 05:15:38 kaniini: It sounds as though no bootloader is required. 2017-03-15 05:30:31 a heads up: grsecurity is going private soon. 
this is going to affect alpine linux, so it sucks hard :/ 2017-03-15 05:49:09 <_ikke_> ryonaloli: You mean private also for the test/unstable branch? 2017-03-15 05:49:19 yes, for all branches 2017-03-15 05:49:22 stable and testing 2017-03-15 05:51:14 (source: #grsecurity on oftc) 2017-03-15 06:15:34 ryonaloli: we are aware, and are working on a solution for it 2017-03-15 06:15:52 is the solution just "drop grsec"? 2017-03-15 06:15:58 no 2017-03-15 06:16:16 then you'll be trying to maintain your own branches of grsecurity :/ 2017-03-15 06:16:20 that's going to be dangerous 2017-03-15 06:16:22 also no 2017-03-15 06:17:02 wait what. ok now i'm genuinely curious. all i could think of other than that would be to get spender to give you access, which i strongly doubt he'd allow (he said he would not do that for gentoo, at least) 2017-03-15 06:18:16 ultimately, we plan on replacing grsec kernel with our own patchset based on the current PaX testing patches 2017-03-15 06:18:32 spender can do what spender wants to do 2017-03-15 06:19:19 and if you don't like that solution, i am sure you can buy his patches 2017-03-15 06:19:21 pax is also being taken away 2017-03-15 06:19:29 pipacs is onboard with spender's plan :/ 2017-03-15 06:19:38 that sucks 2017-03-15 06:20:16 well, the PaX patch that presently exists, is much smaller than grsecurity patch 2017-03-15 06:20:22 i will buy his patches most likely, but only for my servers and workstation. problem is it's $500/month minimum for a single installation. i use alpine w/ grsec on more than 15 computers. 2017-03-15 06:20:29 so that'd be expensive heh 2017-03-15 06:20:54 and is likely not impossible to rebase 2017-03-15 06:21:35 people have tried :P 2017-03-15 06:21:59 we already basically forked grsec anyway 2017-03-15 06:22:11 what we ship is not the same as what spender is putting out 2017-03-15 06:22:25 i know. it's resulted in quite a few quietly released features to mitigate 0days not being in alpine. 
2017-03-15 06:22:43 if you are talking about the gcc plugin, we have it 2017-03-15 06:22:48 nah 2017-03-15 06:22:56 you are not talking about RAP? 2017-03-15 06:22:59 no 2017-03-15 06:23:11 it's not in the menuconfig interface because spender doesn't want the bugs fixed in the upstream kernel because he has a beef with hkspp 2017-03-15 06:23:15 *kspp 2017-03-15 06:23:19 slub-related stuff 2017-03-15 06:23:25 well slab too 2017-03-15 06:23:57 and people wonder why we just (admittedly by side effect) forked it instead 2017-03-15 06:23:59 ;) 2017-03-15 06:24:00 that's one of the only ones which i happened to be made aware of by accident. there are quite a lot more it seems. 2017-03-15 06:24:22 i mean, our options are limited 2017-03-15 06:24:40 if they are closing all patch access as has been noted by many people over past few weeks 2017-03-15 06:24:42 the sad thing is, unless you know enough about the intricate workings of kernel security, to keep up with all the latest bugs and mitigations, such a fork will always end up being inferior, adding more bugs, or simply resulting in less coverage :P 2017-03-15 06:24:43 then they close it 2017-03-15 06:25:34 ryonaloli: to be honest, the grsec kernel is not 100% of alpine's security story 2017-03-15 06:25:47 i know. it also uses the neat fortify source thing. 2017-03-15 06:25:54 (i gotta get that into musl sooner or later) 2017-03-15 06:26:05 even musl itself is part of the security story 2017-03-15 06:26:40 what else is there, other than hardening for the toolchain, musl, the extra strong fortify source? 2017-03-15 06:27:07 we are working on integrating apparmor which should help contain the packages we ship 2017-03-15 06:27:52 and as mentioned, we are going to look at maintaining our own version of PaX 2017-03-15 06:28:08 in reality, we mainly use grsec sources for PaX 2017-03-15 06:28:13 that will be... 
scary 2017-03-15 06:28:24 if it scares you, buy spender's patches 2017-03-15 06:28:27 (well grsec's pax is pax) 2017-03-15 06:28:29 it's the best we can do 2017-03-15 06:28:30 eh, grsecurity is not perfect either 2017-03-15 06:28:49 remember marcan vs. grsec? 2017-03-15 06:28:50 however, keep in mind that spender is not really the most honest person on the planet 2017-03-15 06:29:01 asie: you mean when he simply found a DoS :P 2017-03-15 06:29:14 yes, but the reaction is the important part 2017-03-15 06:29:16 asie: nothing is perfect, but i've come across quite a few 0days for linux, and they are cheap. i know of one rumored and mostly confirmed 0day for grsec used by VUPEN (Zerodium), which likely does not even work anymore 2017-03-15 06:29:24 and he has a goal of selling you a grsecurity subscription 2017-03-15 06:29:39 yes, and alpine is effectively ruining that for him 2017-03-15 06:29:46 because everyone gets a (less stable, in theory) grsec 2017-03-15 06:30:03 yes, well, that's on him now isn't it 2017-03-15 06:30:05 but a bit more stability is not worth $500/month/machine to most people 2017-03-15 06:30:15 there are some enterprises in which it is but that's hardly "most" 2017-03-15 06:30:17 apparently a lot of people do that 2017-03-15 06:30:18 we are doing the nice thing and renaming our kernel to -hardened 2017-03-15 06:30:20 which is a *lot* of money 2017-03-15 06:30:41 since we have not shipped actual grsecurity since 2015 2017-03-15 06:30:54 when he cut us off 2017-03-15 06:31:02 along with everyone else 2017-03-15 06:31:47 but by all means, if you need the absolute security guarantees of grsecurity, you should have already signed up :) 2017-03-15 06:31:55 ryonaloli: since you seem to be aware of the security world more than i do, what's the truth about openbsd? 
2017-03-15 06:31:57 just curious 2017-03-15 06:32:06 crap by default 2017-03-15 06:32:10 some people say its security record and standards are massively overhyped 2017-03-15 06:32:13 some people say otherwise 2017-03-15 06:32:15 it is 2017-03-15 06:32:18 openbsd is pretty good but yeah, way overhyped. 2017-03-15 06:32:28 few security holes in 'default install' 2017-03-15 06:32:31 it's nice for low-maintenance routers. 2017-03-15 06:32:36 but just look at their errata page. 2017-03-15 06:32:38 default install is basically equivalent to alpine-base 2017-03-15 06:32:46 kernel panics (DoS), privesc (occasionally) 2017-03-15 06:32:53 had a recent privesc to root when using xorg. 2017-03-15 06:32:57 (well, their version of xorg) 2017-03-15 06:32:59 xenocara 2017-03-15 06:33:06 the biggest joke i think was pushing everyone onto the openbsd httpd, quickly hacked up in /two weeks/, which had so many issues on first release 2017-03-15 06:33:09 i mean it's not bad, it's better than freebsd or netbsd. 2017-03-15 06:33:20 netbsd seems to have the friendliest community, at least in poland 2017-03-15 06:33:21 but it's not the perfect flawless system. 2017-03-15 06:33:33 well netbsd has some RCEs in their services. 2017-03-15 06:33:35 still out there. 2017-03-15 06:33:40 if a friend of mine is to be believed. 2017-03-15 06:33:51 spender? ;) 2017-03-15 06:33:55 no lol 2017-03-15 06:34:55 ryonaloli: so what is the backstory on why grsecurity testing patches are going private too 2017-03-15 06:35:16 i feel pretty sure it's "too many people are realizing the testing patches aren't that bad after all" 2017-03-15 06:35:44 kaniini: spender is fed up with the kspp taking his work and contributing nothing back, all the while boasting about how amazingly secure the kspp is, even though they are introducing *new* bugs in the process of porting his mitigations, and turning them into half-baked pseudo-mitigations that are trivial to bypass. 
2017-03-15 06:36:21 'his' work 2017-03-15 06:36:29 'contributing nothing back' 2017-03-15 06:36:43 why would they want to contribute back to a for-profit project without being compensated? 2017-03-15 06:36:44 they weren't contributing anything back 2017-03-15 06:36:54 and it was his work (his and pipacs, with some from ephox) 2017-03-15 06:36:56 grsecurity is, for all means and purposes, a for-profit project,and should be considered such 2017-03-15 06:37:09 asie: not to mention a project that is arguably violating kernel GPLv2 (stallman's interpretation anyway) 2017-03-15 06:37:22 it isn't, it's just very clever about it 2017-03-15 06:37:32 i would say in theory it is not 2017-03-15 06:37:35 grsec itself doesn't violate GPLv2 2017-03-15 06:37:39 but in spirit, it is 2017-03-15 06:37:43 yes, it does in spirit 2017-03-15 06:37:56 but violating something in spirit is a bit more complicated than violating something obviously 2017-03-15 06:38:09 how does it violate it in spirit? 2017-03-15 06:38:17 because you make someone pay for something before giving it to them? 2017-03-15 06:38:20 no 2017-03-15 06:38:26 or the RAP thing? 2017-03-15 06:38:29 because you get punished for redistributing 2017-03-15 06:38:32 the spirit of GPLv2 is to ensure projects under it can benefit from *all* changes made to them 2017-03-15 06:38:41 that are out in the public 2017-03-15 06:38:42 kaniini: huh? there are a lot of projects which do that. 2017-03-15 06:38:46 if someone buys a grsecurity patch, 2017-03-15 06:38:48 a company i work for does that. 
2017-03-15 06:38:53 and gives it to alpine 2017-03-15 06:38:56 they would be punished 2017-03-15 06:39:21 and "a lot of projects which do that" doesn't mean "a lot of project don't violate the GPL's spirit" 2017-03-15 06:39:25 if spender says i am wrong, i will happily give him $500/month for the patches 2017-03-15 06:39:27 move on to BSDs if you don't like it 2017-03-15 06:39:31 i want it in writing though 2017-03-15 06:40:03 kaniini: well, you can distribute it to people, *but* the price goes up the more people you distribute it to 2017-03-15 06:40:07 that's something i asked him myself 2017-03-15 06:40:13 and that is the punishment 2017-03-15 06:40:17 voila :) 2017-03-15 06:40:19 so yeah you could put it in alpine, but if you gave it to 5k people, it would be insanely expensive 2017-03-15 06:40:19 ryonaloli: how can Alpine determine the amount of people to pay spender 2017-03-15 06:40:24 download counts? 2017-03-15 06:40:28 probably 2017-03-15 06:40:30 should Alpine pay $500/month/IP? or maybe $500/month/user? 2017-03-15 06:40:36 we could bring back popularity-contest 2017-03-15 06:40:49 yes, but the price of maintaining every single user then becomes absurd 2017-03-15 06:40:52 i imagine it'd go down to like, the low low price of $400 per user :P 2017-03-15 06:40:55 ryonaloli: and the problem is 2017-03-15 06:41:02 someone downloads alpine's grsec kernel and mirrors it 2017-03-15 06:41:04 what now? 
2017-03-15 06:41:17 they mirror it in, let's say, China, so spender's magic is ineffective there 2017-03-15 06:41:18 asie: that's in their right, and spender would not revoke your access 2017-03-15 06:41:30 yes, but that implies no reproducible builds 2017-03-15 06:41:35 because distributing the patchfiles alone is punishable 2017-03-15 06:41:46 even distributing the patch files 2017-03-15 06:41:55 however, he'll only give you the patch files for your specific configuration 2017-03-15 06:42:07 yes, which, again, is enough for most people 2017-03-15 06:42:09 with all the configuration you don't need stripped and replaced with #error 2017-03-15 06:42:26 er, wait, no 2017-03-15 06:42:31 but this doesn't violate the GPL in spirit ;) 2017-03-15 06:42:32 he just strips other architectures 2017-03-15 06:42:36 similar 2017-03-15 06:42:42 alpine does x86, x86_64, arm and aarch64 2017-03-15 06:42:45 i think that covers almost every usebase 2017-03-15 06:42:49 except maybe openpower 2017-03-15 06:43:00 asie: ppc64le, s390x, mips all coming on board for 3.6 2017-03-15 06:43:06 okay let me fix that 2017-03-15 06:43:10 sooo 2017-03-15 06:43:11 i think that covers every usebase not exclusive to netbsd 2017-03-15 06:43:11 so you'd have to pay extra for all those, for each person who downloads it from you. if people mirror it, you're not liable. 2017-03-15 06:43:12 7 x $500/mo 2017-03-15 06:43:18 nah not 7x 2017-03-15 06:43:27 like, 7 x 10000 x $500/mo 2017-03-15 06:43:28 ryonaloli: okay, so 2017-03-15 06:43:30 minus a discount 2017-03-15 06:43:32 ya 2017-03-15 06:43:35 1% discount amirite 2017-03-15 06:43:36 so yeah 2017-03-15 06:43:44 anyway 2017-03-15 06:43:46 what stops me from creating an appliance with a production count of 7 2017-03-15 06:43:49 (for each architecture) 2017-03-15 06:43:57 selling them to kaniini and giving him the source as requested by the GPLv2? 2017-03-15 06:44:02 asie: what do you mean? 
2017-03-15 06:44:05 haha 2017-03-15 06:44:06 i make 7 devices 2017-03-15 06:44:11 each one of them is on a different architecture 2017-03-15 06:44:15 i use grsecurity on each of them 2017-03-15 06:44:20 i pay spender $3500/month, as requested 2017-03-15 06:44:25 then i sell all 7 devices to kaniini, for said $3500/month 2017-03-15 06:44:36 then i request the GPL sources 2017-03-15 06:44:36 he is not bound to any contract with spender *and* he has GPLv2 grsecurity kernels 2017-03-15 06:44:38 yes 2017-03-15 06:44:50 yeah nothing stops you from doing that. 2017-03-15 06:44:56 except spender would probably say no 2017-03-15 06:45:01 i imagine spender might make an exception if he knows that you are intentionally doing it... 2017-03-15 06:45:08 anyway, all of this is moot -- the official grsec patches do not meet alpine's free software guidelines 2017-03-15 06:45:12 rather than some dude who got a router from a huge company mirroring the source... 2017-03-15 06:45:50 as i keep re-iterating: i believe grsecurity is abusing the spirit of the gplv2 and the linux kernel for monetary gain 2017-03-15 06:46:05 we would not want a crazy bipolar person showing up at some company who uses alpine demanding money 2017-03-15 06:46:08 it is just bad for us 2017-03-15 06:46:10 it's not monetary gain. it's entirely ego. 2017-03-15 06:46:13 he hates the kspp. 2017-03-15 06:46:21 he makes money now, he has for a while. 
2017-03-15 06:46:21 it's both 2017-03-15 06:46:25 ryonaloli: the thing is 2017-03-15 06:46:26 it's money and bipolar 2017-03-15 06:46:32 if the kspp gets access to the patches via some appliance 2017-03-15 06:46:35 he has accomplished zero 2017-03-15 06:46:36 nothing, null, void 2017-03-15 06:46:47 he just makes it harder for them, but not impossible 2017-03-15 06:46:47 the reality he hates kspp 2017-03-15 06:46:47 asie: kspp will just work on the old grsec patches 2017-03-15 06:46:49 because 2017-03-15 06:46:55 it cuts into his potential customers 2017-03-15 06:46:56 i mean one of the devs could just pay the $500/month 2017-03-15 06:46:56 work for many many years trying to upstream it 2017-03-15 06:47:00 and even not redistribute a single patch 2017-03-15 06:47:18 just explain how the patch works to others who then reimplement it, and he wouldn't even have to know this is happening 2017-03-15 06:47:19 asie: i think he wants to spite them 2017-03-15 06:47:26 yes, it's messed up 2017-03-15 06:47:27 not actually find an effective way to stop the problem 2017-03-15 06:47:31 even though it causes real harm 2017-03-15 06:47:39 i mean i've worked my ass off trying to get Tails to upstream grsec 2017-03-15 06:47:42 and i was *this close* 2017-03-15 06:47:43 this is exactly why projects like kspp are needed 2017-03-15 06:47:50 well, something like kspp maybe... 2017-03-15 06:47:58 stop believing the spender hype 2017-03-15 06:47:59 kspp itself is crappy. really ineffective, upstreaming half-assed mitigations that don't work 2017-03-15 06:48:05 and? 2017-03-15 06:48:05 how do you know 2017-03-15 06:48:06 they're trying 2017-03-15 06:48:07 kaniini: this is stuff which i've verified myself. 
2017-03-15 06:48:08 that's what matters 2017-03-15 06:48:20 asie: i think we are talking to spender right now even 2017-03-15 06:48:21 i know enough about security to understand that :P 2017-03-15 06:48:22 ;) 2017-03-15 06:48:24 ultimately, a person who tries to help the world but isn't very good at it is better than a person who is great at having an ego 2017-03-15 06:48:42 one of them learning will benefit the world, the other one already knowing doesn't really do as much good 2017-03-15 06:48:59 even if projects like kspp are half-assed, i believe such efforts should be aided, not laughed at 2017-03-15 06:49:08 maybe they're not malicious, maybe they're just genuinely unaware of some problems 2017-03-15 06:49:18 ryonaloli: i think kspp is very early in it's infancy, and it is just kees cook right now really driving it 2017-03-15 06:49:35 but i know kees has done good work driving security in debian/ubuntu for years 2017-03-15 06:49:37 kees seems to be the only person who isn't deserving of blame even 2017-03-15 06:49:47 so i think it is worth giving some time 2017-03-15 06:50:07 i think it would be, in theory, if it were not hyped up 2017-03-15 06:50:20 and grsecurity isn't hyped? :) 2017-03-15 06:50:22 it's hyped up more than grsecurity among kernel devs 2017-03-15 06:50:25 way more than grsecurity 2017-03-15 06:50:36 yes, because, unlike grsecurity, they have a hope of getting them into the project they love? 
2017-03-15 06:50:38 sounds like it will be a success 2017-03-15 06:50:46 spender's just jelly 2017-03-15 06:50:48 grsecurity is a walled garden, why should they be hyped about it 2017-03-15 06:50:49 yeah, a success like KASLR :P 2017-03-15 06:50:52 it's against their interest 2017-03-15 06:51:26 ASLR isn't really meant to be a security measure as much as it is meant to make attackers have to work harder 2017-03-15 06:51:33 talking about KASLR, not ASLR 2017-03-15 06:51:33 supporting grsecurity is against the interest of the linux kernel mainline 2017-03-15 06:51:38 which does not make attackers work harder 2017-03-15 06:51:41 you know there's an unprivileged instruction on x86 which defeats KASLR 2017-03-15 06:51:43 haha 2017-03-15 06:51:44 a single unprivileged instruction 2017-03-15 06:51:48 not even kidding 2017-03-15 06:51:53 SIDT 2017-03-15 06:52:00 no timing attack 2017-03-15 06:52:01 we do not use kASLR on -vanilla 2017-03-15 06:52:14 called once. provides you with the IDT, which can be used, indirectly, to break KASLR. 2017-03-15 06:52:18 yep 2017-03-15 06:52:30 and UMIP is not in any modern processors yet. 2017-03-15 06:52:35 (UMIP disables SIDT) 2017-03-15 06:52:36 but x86 is a security disaster anyway 2017-03-15 06:52:54 PaX is a giant hack to try to solve the problem :p 2017-03-15 06:53:25 PaX is an approach to mitigating classes of bugs. it's not just a marketing term, it actually does that. 2017-03-15 06:53:38 UDEREF it's superior to SMEP/SMAP, for example. 
2017-03-15 06:53:42 what PaX originally did 2017-03-15 06:53:45 architecture independent, and came long before 2017-03-15 06:53:45 is a giant hack 2017-03-15 06:54:04 not talking about the old, old original stuff 2017-03-15 06:54:12 back when stacks were all executable 2017-03-15 06:54:24 and solar was so proud about his no exec stack patch 2017-03-15 06:54:41 i'm talking about modern PaX 2017-03-15 06:54:51 (and grsecurity) 2017-03-15 06:55:12 for someone who claims to not be spender, you sure do talk a lot like him ^_^ 2017-03-15 06:55:27 man i wish i was spender 2017-03-15 06:55:28 i'm pretty sure i saw this nickname before not being spender 2017-03-15 06:55:35 i'm just not sure where 2017-03-15 06:55:53 but "anyone who supports spender is spender" is a silly argument tbh 2017-03-15 06:56:02 that's not what i mean 2017-03-15 06:56:16 spender is very much a winners/losers kind of guy 2017-03-15 06:56:20 much like the current US president 2017-03-15 06:56:30 spoiler: i'm actually pipacs 2017-03-15 06:56:33 and ephox combined 2017-03-15 06:56:48 how much is your salary from grsec then? ;) 2017-03-15 06:56:54 $500/month 2017-03-15 06:56:56 -$500/month* 2017-03-15 06:57:04 shit $500/mo is ballin money in hungary 2017-03-15 06:57:22 actually i do not know if it is or not 2017-03-15 06:57:22 eh, memes aside, grsec is a tough subject 2017-03-15 06:58:19 honestly i don't think it should be. i wish spender just did his thing, and linux foundation did its thing. 
spender/pipacs could keep putting up their mitigations and fixes, and LF could keep doing what they do best (nothing^Wtimproving performance, adding good driver support, calling bugs bugs, etc) 2017-03-15 06:58:36 haha linux foundation 2017-03-15 06:58:47 people who really want good security can patch -p1 < ../grsecurity.patch, people who don't can just use regular linux 2017-03-15 06:59:05 and meanwhile, people slowly make grsec more and more accessible, like Corsac's linux-grsec 2017-03-15 06:59:17 ryonaloli: "people who really want good security can pay $500/instance/month and patch -p1 < ../grsecurity.patch, people who don't or can't afford it or run linux distros can just use regular linux" 2017-03-15 06:59:34 asie: yeah, and then get pwnt by cheap $20k sploits 2017-03-15 07:00:02 to put it into perspective, an apache exploit goes for around $1m, same with IIS 2017-03-15 07:00:04 ryonaloli: i can't afford $500/month for my $10/month VPS 2017-03-15 07:00:13 ACTION hopes no one realizes that those two are the most expensive to buy 2017-03-15 07:00:34 apache? really? 2017-03-15 07:00:37 huh. 2017-03-15 07:00:53 apache is $1-2m when selling to gov't. apache core is *really* fucking hardened. 2017-03-15 07:01:01 raytheon si can sit down for months not finding any bugs. 2017-03-15 07:01:08 whereas nginx? 2017-03-15 07:01:18 look we know nginx is crap 2017-03-15 07:01:19 nginx prides itself on not having many assert()s :P 2017-03-15 07:01:24 anyone who looks at nginx code 2017-03-15 07:01:26 isn't lighttpd worse though? 2017-03-15 07:01:29 will know immediately it is crap 2017-03-15 07:01:30 at least that's what i heard 2017-03-15 07:01:37 i dunno much about lighttpd. i've heard conflicting things. 
2017-03-15 07:01:49 i had the 'pleasure' of hacking in syslog support into nginx once 2017-03-15 07:01:51 i suppose this explains why openbsd wrote their own httpd, and botched it by forcing it in two weeks after the project started into mainline 2017-03-15 07:01:54 it took quite a bit of booze 2017-03-15 07:01:57 to make it happen 2017-03-15 07:02:06 my co-admin wants to switch to node.js 2017-03-15 07:02:10 to replace both php and lighttpd all together 2017-03-15 07:02:15 co-admin for what 2017-03-15 07:02:19 a website of mine 2017-03-15 07:02:24 which is? 2017-03-15 07:02:26 he does the software dev work 2017-03-15 07:02:46 i need to have an idea of what type of website needs this mission critical security work 2017-03-15 07:02:47 a rather nsfw website which i won't post here 2017-03-15 07:02:53 so it's not that important 2017-03-15 07:03:06 but i still want to keep it secure since i use it as a testing ground for some things 2017-03-15 07:03:13 > security 2017-03-15 07:03:15 > using PHP 2017-03-15 07:03:17 :D 2017-03-15 07:03:25 well there's always suhosin :P 2017-03-15 07:03:33 (and it should be better than node :P) 2017-03-15 07:03:37 but still 2017-03-15 07:03:49 i haven't looked into node too much anyway 2017-03-15 07:03:58 its a shitshow 2017-03-15 07:04:05 hope that helps 2017-03-15 07:04:07 yeah not surprised 2017-03-15 07:04:14 i imagine quite a bit worse than lighttpd 2017-03-15 07:04:33 but we're switching from nginx to lighttpd due to having far less code 2017-03-15 07:04:41 ryonaloli: i mean, dont get me wrong -- i wish spender would be chill 2017-03-15 07:04:41 and a smaller binary even with the lightest configuration 2017-03-15 07:04:53 kaniini: the smartest people seem to be the ones with the biggest ego 2017-03-15 07:05:09 spender, theo, literally anyone who works for the intelligence community and who speaks in public 2017-03-15 07:05:11 ryonaloli: not always, i know plenty of people who are very smart and quite humble 2017-03-15 07:05:52 
ryonaloli: the correlation only works one way and it's flawed at best 2017-03-15 07:06:19 asie: that's probably true, correlation bias and all. 2017-03-15 07:06:22 i mean 2017-03-15 07:06:25 up until august 2015 2017-03-15 07:06:30 solar, comex, etc. 2017-03-15 07:06:43 but then there's kernelbof, grugq, halvar? those are some big egos. 2017-03-15 07:06:47 we were quite happy with grsec being the go-to kernel patch of choice for people needing a hardened environment 2017-03-15 07:07:22 it was good 2017-03-15 07:07:28 alpine users were quite happy 2017-03-15 07:07:40 we gave back fixes to spender 2017-03-15 07:07:55 including in pax 2017-03-15 07:10:49 ryonaloli: i wouldn't write off the alpine hardened kernel quite yet. there are good people who work on the kernel around here who have a reasonable idea of what they are doing -- maybe we are not spender, but we have managed to keep a fork of grsec going for the past year and a half without serious incident :) 2017-03-15 07:11:11 well aside from not upstreaming important mitigations to 0day which get silently rolled out :P 2017-03-15 07:11:42 well, that is on spender. 
personally i would not want that on my conscience, but he seems to not care 2017-03-15 07:11:46 (which sucks because spender not wanting the kspp to know causes alpine to not know either) 2017-03-15 07:11:53 yes, alpine is slightly, um 2017-03-15 07:12:08 understaffed to read every single grsec update every hour of every dya 2017-03-15 07:12:13 day* 2017-03-15 07:12:18 they do their best but they can only do so much 2017-03-15 07:12:26 asie: it'd work out if the changelogs were descriptive 2017-03-15 07:12:29 we havent looked at grsecurity since august 2015 except to import RAP :) 2017-03-15 07:12:31 but he loves keeping things to himself 2017-03-15 07:12:34 oh dear 2017-03-15 07:12:37 you should diff each update 2017-03-15 07:12:43 you will find neat things 2017-03-15 07:12:45 "should" 2017-03-15 07:12:49 we have in the past 2017-03-15 07:12:50 that won't last for long will it eh 2017-03-15 07:12:55 yeah :/ 2017-03-15 07:13:17 well, at least rebase on 4.9.9 2017-03-15 07:13:27 there have been a lot of improvements that landed in there 2017-03-15 07:13:29 (not talking about RAP) 2017-03-15 07:13:54 we can't 2017-03-15 07:14:11 the current grsecurity patches, even the 'free' ones violate our free software guidelines 2017-03-15 07:14:18 really? how so? 2017-03-15 07:14:22 aren't they just GPLv2? 2017-03-15 07:14:32 well, i should rephrase 2017-03-15 07:14:35 in theory, they do not 2017-03-15 07:14:37 *can* they be anything but just GPLv2? 2017-03-15 07:14:40 no, the free ones 2017-03-15 07:14:44 can they be anything but "just GPLv2"? 
2017-03-15 07:14:45 in practice, we don't really want spender causing us trouble 2017-03-15 07:14:53 unless your FSG includes "no code from spender" 2017-03-15 07:14:59 he can say literally nothing about what you do 2017-03-15 07:15:06 with stuff that's out there in public 2017-03-15 07:15:11 i mean, like i said 2017-03-15 07:15:14 we take a look at them 2017-03-15 07:15:47 how would spender cause troubles if you put the free, testing version in alpine? 2017-03-15 07:17:11 as you discuss earlier: he is revoking that 2017-03-15 07:17:49 at any rate, looks like we rebased on 4.9.14 a few days ago 2017-03-15 07:17:56 he's only not releasing anything new 2017-03-15 07:17:59 ah 2017-03-15 07:18:10 ok well that solves the problem 2017-03-15 07:18:19 it solves it for now 2017-03-15 07:20:44 ryonaloli: maybe the KSPP will get some additional help from alpine devs now :) 2017-03-15 07:56:36 Hi guys 2017-03-15 07:57:33 Maybe someone has an APK package for gitlab-ce? 2017-03-15 08:13:32 kaniini: does alpine have frame pointers enabled? 2017-03-15 08:13:42 in the kernel, i mean 2017-03-15 08:40:49 is php7 already implemented for alpine? 2017-03-15 08:43:06 <_ikke_> newbz: https://pkgs.alpinelinux.org/packages?name=php7&branch=&repo=&arch=&maintainer= 2017-03-15 08:43:55 oh its in the edge repo 2017-03-15 08:44:00 thanks 2017-03-15 08:44:49 <_ikke_> also in 3.5/community 2017-03-15 08:54:02 Hm... 2017-03-15 08:54:19 Is there a way to ask apk to install -doc packages to every package I install? 2017-03-15 08:55:03 I can tell apk install gdb gdb-doc for sure but gdb wants python2 and I also want a manual page for that thing. 2017-03-15 08:55:14 *Can I 2017-03-15 08:58:59 Also where can I find a debug symbols for smtpd?
I have a segfault with the default config in 3.5.2 :( 2017-03-15 08:59:28 And for libcrypto 2017-03-15 08:59:37 segv in RAND_pseudo_bytes() 2017-03-15 09:20:25 consus__: you might want to install the -dbg packages for the debugging symbols 2017-03-15 09:21:11 Yes 2017-03-15 09:21:20 But there is no -dbg package for opensmtpd 2017-03-15 09:21:23 Or libasr 2017-03-15 09:21:32 But I've already found this bug in bugzilla 2017-03-15 09:21:43 It marked as fixed so I guess I'll just wait for the next release 2017-03-15 09:22:45 you can easily build one by adding a -dbg to subpackages in the APKBUILD file and doing an `abuild -r` afterwards 2017-03-15 09:22:57 :( 2017-03-15 09:23:10 Well of course I am 2017-03-15 09:23:27 But it would nice to have it in stock 2017-03-15 09:23:37 Why some packages do have a -dbg and some don't? 2017-03-15 09:23:52 *would be 2017-03-15 09:24:16 would be nice indeed to have -dbg automatically generated - agreed. 2017-03-15 09:24:38 i guess for lots of pkgs it doesnt make sense, like all the non-c/c++ pkgs 2017-03-15 09:24:51 Of course 2017-03-15 09:24:57 But we have a file utility 2017-03-15 09:25:09 That can tell us if we have any binaries in a package 2017-03-15 09:25:39 And if we do have it would be nice to have -dbg 2017-03-15 09:25:48 Patches welcome? 2017-03-15 09:25:50 binaries are also produced by stuff like go 2017-03-15 09:25:58 Why not 2017-03-15 09:26:10 Maybe it would help to debug stuff 2017-03-15 09:26:22 It heps with perl xs module a lot 2017-03-15 09:26:36 *modules 2017-03-15 10:09:00 ryonaloli: do you have url or reference that grsecurity testing patches will go dark? 2017-03-15 10:09:21 ncopa: nope, not out yet. go ask spender on #grsecurity on oftc. 
2017-03-15 10:09:48 or ask perfinion in #gentoo-hardened here, who is also there and overheard some of it 2017-03-15 10:11:58 oh i see you're already on #grsecurity 2017-03-15 10:12:01 just read the scroll log then 2017-03-15 10:25:54 pardon my French but this backlog is some heavy sh*t 2017-03-15 10:26:19 sets many things I do daily in an entirely new light... 2017-03-15 10:26:28 re. grsec? 2017-03-15 10:28:12 i asked someone close to the grsec people and the answer was "possibly" 2017-03-15 10:29:35 yGweSm1OzVHe: possibly what? 2017-03-15 10:29:55 <^7heo> TBB: care to paste 2017-03-15 10:29:58 <^7heo> ? 2017-03-15 10:30:36 I meant the backlog on this channel, the entire grsec conversation 2017-03-15 10:30:46 <^7heo> ah 2017-03-15 10:30:50 yes its an interesting read. 2017-03-15 10:31:13 ryonaloli: "possibly going dark" 2017-03-15 10:31:20 yGweSm1OzVHe: oh, it's nearly certain 2017-03-15 10:31:22 <^7heo> I'll read that from a real screen tho 2017-03-15 10:31:26 spender was ranting and raving about it 2017-03-15 10:31:36 ryonaloli: he does tend to rant sometimes 2017-03-15 10:31:39 i mean, from his own mouth, saying it's a certainty 2017-03-15 10:31:41 let's just hope it won't happen :) 2017-03-15 10:32:04 ryonaloli, do you have a paste from it? 2017-03-15 10:32:18 Wizzup: has he done this before, saying there's nothing that will change his mind, but having enough people going to him being upset about it actually changing? 2017-03-15 10:32:22 clandmeter: maybe, one sec 2017-03-15 10:33:25 I can understand him in a way, it's not nice to work on something passionately for years only to see no compensation for it 2017-03-15 10:35:16 https://bpaste.net/show/8764af42e0ad 2017-03-15 10:37:16 so we all stop working on free software now? 2017-03-15 10:37:21 ryonaloli, thx 2017-03-15 10:37:41 yGweSm1OzVHe: yup. we all install windows me 2017-03-15 10:37:46 and grape ape 2017-03-15 10:45:14 Wizzup: well, if it does happen... at least he's not dropping the whole *project*...
2017-03-15 10:45:22 you can still pay $500/month 2017-03-15 10:45:25 for a single computer 2017-03-15 10:45:33 "pay $500/month for a single computer" yet you keep saying it with a straight face 2017-03-15 10:45:47 you know very well most people in here do not represent businesses with budgets sizeable enough to afford this 2017-03-15 10:45:53 asie: that's kind of the point 2017-03-15 10:46:06 Hmm 2017-03-15 10:46:14 i am aware most people who would need grsec *are* businesses with budgets sizeable enough to afford the grsec patches 2017-03-15 10:46:25 "oh don't worry, you can just do this thing that's extremely difficult for the average person to afford" 2017-03-15 10:46:37 eh. poe's law strikes again 2017-03-15 10:46:47 i don't know if it was someone here, but i remember someone saying "i'm not going to pay $500/month for my $10/month vps" 2017-03-15 10:46:50 me! 2017-03-15 10:46:54 that was you? :P 2017-03-15 10:46:54 it was actually me. 2017-03-15 10:46:57 yes 2017-03-15 10:47:02 it was perfect 2017-03-15 10:47:28 even the $10/month vps deserves to be protected 2017-03-15 10:47:31 yes 2017-03-15 10:47:49 not just the expensive $2000/month 1 TiB RAM quad xeon monster 2017-03-15 10:48:05 i understand spender. he doesn't like it when his work is abused, misused, stolen or applied incorrectly. 2017-03-15 10:48:09 such is the fate of a passionate developer 2017-03-15 10:48:19 but his answer, while the only answer, is also not the correct answer 2017-03-15 10:48:49 which is very unfortunate 2017-03-15 10:48:51 there /is/ no solution. his work will still be abused, misused, stolen and applied incorrectly, just with more spite/hoops 2017-03-15 10:48:59 because it's an answer pushed upon all of us 2017-03-15 10:49:02 until he blacklists everyone 2017-03-15 10:49:06 at which point, what's the point? 
2017-03-15 10:49:34 at least to me, it seems like it doesn't directly affect him heavily 2017-03-15 10:49:42 it seems to be, to a large extent, just drama 2017-03-15 10:49:47 personal drama 2017-03-15 10:49:50 Hm.. 2017-03-15 10:49:51 no, he's passionate 2017-03-15 10:50:10 i'm pretty sure one of the initial reasons for him locking down was companies slapping grsec on their hardware mindlessly 2017-03-15 10:50:12 no? 2017-03-15 10:50:14 well that's still drama, even if it's a result of passion from someone who has an understanding of his field that precious few people do 2017-03-15 10:50:14 How often do you guys have a bugfix releases? 2017-03-15 10:50:36 that counts as "abused, misused"; stolen, to him, is people using his work without the respect he demands 2017-03-15 10:51:58 however, this is the ideal picture, painting spender as a passionate developer constantly attacked and harmed by the world as it stands 2017-03-15 10:52:10 but then we get the picture of spender's aggression over the marcan thing 2017-03-15 10:52:17 I need the most recent opensmtpd package 2017-03-15 10:52:18 and the image becomes a bit less ideal 2017-03-15 10:52:29 because the one in the main repo crashes with sigsegv :D 2017-03-15 10:52:32 in fact, i'd argue it shows the true motive: it's not strictly passion, but pride 2017-03-15 10:52:47 ego and passion are intimately related 2017-03-15 10:52:59 not necessarily 2017-03-15 10:53:51 well, if you give out something under a generous license because you want the world to be better, and you see someone to use it to rip off the world a bit 2017-03-15 10:54:09 you will not stop evil people 2017-03-15 10:54:10 it could even be valid to go ballistic 2017-03-15 10:54:35 darkfader: he didn't choose the license 2017-03-15 10:54:39 in the minecraft modding scene, i saw a lot of modders put their work under a restrictive license because they didn't want anyone to steal their work 2017-03-15 10:54:41 yeah but you can run around for a year and shout 
fucking assholes, i'm ok with that 2017-03-15 10:54:46 the end result was that those modders never got external contributions 2017-03-15 10:54:51 while people who wanted to steal their work did so anyway 2017-03-15 10:54:52 it's a derivative work of the linux kernel, which is GPLv2 2017-03-15 10:55:04 I wonder how nobody's even considered hiring him with a generous salary to do his development work. Oracle, for example, could well afford it and would gain a competitive advantage 2017-03-15 10:55:16 TBB: "i don't take mony from LF" 2017-03-15 10:55:24 TBB: they did that with ksplice, worked ok 2017-03-15 10:55:26 why couldn't we fund him for alpine? 2017-03-15 10:55:26 granted, that was after a lot of this shit went down 2017-03-15 10:55:28 but still 2017-03-15 10:55:34 solaris now has full hotpatching thanks to that 2017-03-15 10:55:36 asie: does alpine have that kind of money? 2017-03-15 10:55:40 ryonaloli: can we crowdfund? 2017-03-15 10:55:44 I was wondering about that possibility too, asie 2017-03-15 10:55:45 i would love to 2017-03-15 10:55:47 there are some companies slowly becoming interesting in alpine 2017-03-15 10:55:50 if you look at /names 2017-03-15 10:55:54 you got the kind of dough to pay someone like him? 2017-03-15 10:56:00 one person? no 2017-03-15 10:56:01 we can definitely hire people on the community 2017-03-15 10:56:03 the entire community? 2017-03-15 10:56:11 I'm not sure if the Alpine community could afford the amount of money he's talking about 2017-03-15 10:56:25 we can expand our community 2017-03-15 10:56:26 part-time? :) 2017-03-15 10:56:30 to *hire* him, you'd effectively be paying his entire salary 2017-03-15 10:56:38 or near it 2017-03-15 10:56:43 $500/month/every machine grsec is used on, correct? 
2017-03-15 10:56:54 well that is ofc not gonna happen 2017-03-15 10:56:56 that's if you buy access to the patches 2017-03-15 10:57:01 no you don't understand 2017-03-15 10:57:01 I'm pretty sure it's impossible to pay that much, however, "volume licensing" of some sort could be done 2017-03-15 10:57:03 that's his entire salary, no? 2017-03-15 10:57:04 that's not the same as subcontracting from him 2017-03-15 10:57:20 TBB: impossible, because the moment he gives us stable patches 2017-03-15 10:57:23 paying $500/month/machine becomes redundant 2017-03-15 10:57:27 we'd effectively have to cover ALL of it 2017-03-15 10:57:45 also, "Sponsorship is a critical source of stable funding for grsecurity that has allowed our work to continue over the past 15 years and make it available for free to the public." <- will this be changed? :) 2017-03-15 10:57:45 plus, the community can't pay that... i mean you expect everyone who uses alpine with grsec to cough up $500/month? 2017-03-15 10:57:49 $6400/year? 2017-03-15 10:58:04 asie: after 4.9, when he finally closes it 2017-03-15 10:58:11 ryonaloli: you don't understand 2017-03-15 10:58:27 unless you do actually mean everyone using alpine with grsec, or rather everyone using grsec from alpine 2017-03-15 10:58:34 that'd probably quickly jump to millions of dollars a month 2017-03-15 10:58:44 i mean if you think the alpine community is gonna pay him, say, $100k a year 2017-03-15 10:58:59 that'd be doable, takes a company using alpine on what 2017-03-15 10:59:01 16 machines? 
2017-03-15 10:59:32 think about it: if it cost a company $100k a year to pay spender for working on alpine-grsec 2017-03-15 10:59:39 the moment that company has 16 or more machines using grsec it's savings 2017-03-15 10:59:51 that's assuming it doesn't go down at all 2017-03-15 10:59:59 i imagine $6400/year is the base rate 2017-03-15 11:00:13 it likely drops significantly, to the point where 16 machines is far less 2017-03-15 11:00:15 i still think $100k a year is not at all impossible 2017-03-15 11:00:39 possibly, but do you have any such company in mind? and why would they use alpine, and not just directly go through spender as they already have? 2017-03-15 11:01:19 that is a good and hard question 2017-03-15 11:01:34 but it's the only route going forward, unless gentoo-hardened folk or someone enters an effective arms race with spender 2017-03-15 11:01:39 and we really really really really really don't need that 2017-03-15 11:01:50 an arms race to do what? 2017-03-15 11:01:56 no one can compete with him on this front 2017-03-15 11:02:16 I'm pretty sure there are a couple of people in the Linux community who can 2017-03-15 11:02:27 you'd be surprised 2017-03-15 11:02:34 no one understands the internals like he does 2017-03-15 11:02:36 however, those guys too want to pay their rent and eat something 2017-03-15 11:02:44 the people who do break thigns 2017-03-15 11:02:46 *things 2017-03-15 11:02:50 ryonaloli: i disregard most arguments which start in "no one" 2017-03-15 11:02:53 comex, halvar, etc. 
2017-03-15 11:02:54 because that goes down to experience 2017-03-15 11:03:08 there are definitely people as talented as spender, if not more; they lack experience in the linux kernel specifically 2017-03-15 11:03:10 asie: well get solar designer to get familiar with grsec then 2017-03-15 11:03:17 get him back in the game and maybe it'll work out 2017-03-15 11:03:17 but we can consider spender a lost cause at this point 2017-03-15 11:03:24 then get halvar on our side 2017-03-15 11:03:25 and comex 2017-03-15 11:03:29 i mean good luck with all it 2017-03-15 11:03:35 but it just won't happen 2017-03-15 11:03:36 his work is no longer available for usage by the alpine linux team in any rational manner 2017-03-15 11:03:45 in other words, spender does not exist in this context anymore 2017-03-15 11:03:47 name a second 2017-03-15 11:04:25 a second what? 2017-03-15 11:04:30 also, apparently the price does go down at volume: "Also they've asked us (a Russian hosting company) for $17000+ a year for access their stable patches. $17k is quite a lot for us. A question about negotiating a lower price was completely ignored. Twice." 2017-03-15 11:05:37 "a second what?" - a person not as good as spender but one whose work could still be valuable, obviously 2017-03-15 11:05:45 "nobody" is not an answer - security is important and something has to be done 2017-03-15 11:05:53 solar designer 2017-03-15 11:05:54 assuming a defeatist "only spender can save us!"
attitude means that we all have lost 2017-03-15 11:06:09 halvar flake 2017-03-15 11:06:12 you are ignoring paxteam is as essential as spender to this 2017-03-15 11:06:19 yGweSm1OzVHe: he's onboard with spender 2017-03-15 11:06:23 i am aware 2017-03-15 11:06:24 unfortunately 2017-03-15 11:06:32 but just pointing out it's not only spender who's doing this 2017-03-15 11:06:38 there's two routes now: 2017-03-15 11:06:45 - find a way to work with spender, and we tried for a long time 2017-03-15 11:06:50 i believe pipacs is simply following spender's lead 2017-03-15 11:07:00 - effectively boycott spender by assembling a new, even if less experienced, security team 2017-03-15 11:07:14 forking is always an option indeed 2017-03-15 11:07:19 asie: not one of the people i mentioned would be willing to do that 2017-03-15 11:07:29 ryonaloli: then find new people and give them a chance 2017-03-15 11:07:40 but you cannot fork people quickly, takes more than a decade and is of questionably success probability 2017-03-15 11:07:42 do you see another option? 2017-03-15 11:08:36 it's either fork it or give up 2017-03-15 11:09:09 or switch to a different system 2017-03-15 11:09:15 like what? 2017-03-15 11:09:40 openbsd, hardenedbsd. maybe linux with quarkslab's capsulse. those are not nearly as good as grsec, but they're better than vanilla linux, or anything another team could assemble with a fork. 2017-03-15 11:10:00 OpenBSD as far as I recall has serious problems for non-security activities 2017-03-15 11:10:05 did they finally solve the biglock? 2017-03-15 11:10:15 for networking-related kernel code 2017-03-15 11:10:19 but that's all, so far 2017-03-15 11:10:24 oof, not enough. i kept running into stutter issues in desktop usage 2017-03-15 11:12:15 as I expressed my opinion at the project coffee space a moment ago... I think it's time for a better Unix :) 2017-03-15 11:12:33 I know, I know... 
"now there are 15 competing standards" (xkcd) 2017-03-15 11:12:36 TBB: there was an attempt, killed by lawyers 2017-03-15 11:12:48 hurd! 2017-03-15 11:12:53 hurd will save us! 2017-03-15 11:12:54 no hurd was killed by everyone but lawyers 2017-03-15 11:12:54 we need a microkernel! 2017-03-15 11:12:58 haha 2017-03-15 11:13:00 was thinking more about plan 9 2017-03-15 11:13:21 how did lawyers kill that one? 2017-03-15 11:13:40 they refused to release the source code when the project died under any sane licensing terms for a long time 2017-03-15 11:13:49 ah, okay 2017-03-15 11:13:51 we got a mixture of Lucent Public License for one release and, since 2013, GPLv2 for another 2017-03-15 11:14:09 and before that the license was even worse 2017-03-15 11:14:15 p9 had some good ideas, some of which have been brought over to Linux... but we could do so much more than just that 2017-03-15 11:14:19 well there could have been solaris :/ 2017-03-15 11:14:19 yes 2017-03-15 11:14:23 if oracle didn't kill opensolaris 2017-03-15 11:14:27 well, Plan 9 invented UTF-8 2017-03-15 11:14:29 we all benefit from it now 2017-03-15 11:14:46 ryonaloli: they re-enabled the big-lock before release, weren't completely sure it would work 100% and preferred to stay on the safe side 2017-03-15 11:15:00 yeh, and it took the concept of "everything is a file" a lot further than any other unixlike back then 2017-03-15 11:15:08 royger: the biglock for the networking code? 2017-03-15 11:15:24 TBB: which most unixlikes are now moving away from 2017-03-15 11:15:30 well, not really moving away 2017-03-15 11:15:32 yes oh yes, I'm in support of the new unix revolution! 
2017-03-15 11:15:38 rather "everything is a file in a special binary format only our tool understands" 2017-03-15 11:15:45 "unless it isn't a file" 2017-03-15 11:16:04 i always wanted to work on my own hobbyist OS, just for fun 2017-03-15 11:16:05 asie, well, /proc and /sys are good examples on Linux of how that concept has been adopted 2017-03-15 11:16:15 TBB: yes 2017-03-15 11:16:50 is it openbsd which has those weird binary sysctls 2017-03-15 11:16:57 no i was thinking systemd log format 2017-03-15 11:17:00 no not that 2017-03-15 11:17:17 there's some OS with i think some sysctls that are totally binary 2017-03-15 11:17:19 sys has binary attrs to 2017-03-15 11:17:26 *too 2017-03-15 11:17:33 eh, even plan9 has some binary data, like /dev/audioctl 2017-03-15 11:17:37 there's reasons for it - binary is much faster to parse 2017-03-15 11:17:43 and parsing is not cheap 2017-03-15 11:17:51 but in that case a good answer would be to have a common binary serialization format 2017-03-15 11:17:56 which can be translated to text and back on the UI level 2017-03-15 11:17:58 Err 2017-03-15 11:18:02 ryonaloli: well, they are doing it in small parts, I think it's the forwarding path that still under the gian-lock, plus drivers and something else 2017-03-15 11:18:11 pf also it's single-threaded IIRC 2017-03-15 11:18:18 E.g. SysFS has binary attrs in order to allow you to push some binary crap without formatting 2017-03-15 11:18:21 Like a firmware 2017-03-15 11:18:25 royger: oh so atm pretty much everything 2017-03-15 11:18:53 drivers I guess it's on a drive-by-drive basis, and whether someone has converted it. 2017-03-15 11:19:14 well i run openbsd on a single core system anyway so it's not a real blocker for me. 2017-03-15 11:19:23 it will be if i switch my 48 core system to openbsd though... 2017-03-15 11:19:29 Still 2017-03-15 11:19:31 that i really really need linux on 2017-03-15 11:19:52 Is there a way to fetch newer binary packages while sitting on main? 
2017-03-15 11:20:12 yup, apk add package@tag 2017-03-15 11:20:18 Hm 2017-03-15 11:20:20 ryonaloli: right, I think the scheduler is also a bit crappy on SMP, since it doesn't know anything about topology, so it tends to burn the cache 2017-03-15 11:20:40 And how soon there will be another 3.5.x? 2017-03-15 11:21:02 Crashing apps seem like a valid reason to release another one :) 2017-03-15 11:21:05 at some point, sure, there have been what, 3 releases of the 3.5 series already 2017-03-15 11:21:39 ahh, that reminds me, I should be debugging that bloody hplip bug that I'm by no means skillwise equipped to debug :/ 2017-03-15 11:22:02 What's wrong with hplip? 2017-03-15 11:22:37 asie: speaking of binary data and data in general, it's been my dream for years to get userland tools that would give me their output in both human-readable and machine-readable formats 2017-03-15 11:22:45 I use hplip by piping foo2zjs-wrapper to /dev/usb/lp0 :/ 2017-03-15 11:22:49 wait, no, not hplip 2017-03-15 11:22:51 i use foo2zjs, yeah 2017-03-15 11:22:59 because it just seems to work more reliably for me, heh 2017-03-15 11:23:14 consus: in my setups one specific shared library encounters an illegal instruction trap 2017-03-15 11:23:38 Gear up the gdb! 2017-03-15 11:23:42 asie, I'll have to consider that as a solution too unless one of our better coders can figure out what causes that crash 2017-03-15 11:23:59 Or systemtap 2017-03-15 11:24:08 It will give you enough info 2017-03-15 11:24:15 consus, not quite that simple, grsec makes using gdb pain 2017-03-15 11:24:40 systemtap then 2017-03-15 11:25:00 I'll look into that, thanks for the tip :) 2017-03-15 11:25:30 It works in kernel via the kernel API 2017-03-15 11:25:48 It should work fine with grsec 2017-03-15 11:26:08 overall I'll have to get a lot deeper into Linux in general, I'm already balls deep but I'm currently simply not man enough to fill it all :/ 2017-03-15 11:26:28 *cough* did I just type that? 
2017-03-15 11:26:37 Oh yeah 2017-03-15 11:27:14 maybe if I got some of those "enlarge your linux" pills ... 2017-03-15 11:27:38 Eh 2017-03-15 11:27:43 It's not that hard 2017-03-15 11:28:32 It took me five or six month to learn how to work with Linux kernel code 2017-03-15 11:28:51 well it's one of those things, you know... the good old "the more you know the better you know how little you know" kind of scenario 2017-03-15 11:28:53 block/ and kernel/ mostly, but nevertheless 2017-03-15 11:29:07 Well yeah 2017-03-15 11:29:41 and I've got a serious problem with regards to this in general as I've got an attitude problem with C :D 2017-03-15 11:30:12 Eh? 2017-03-15 11:30:28 I'm allergic to C 2017-03-15 11:30:30 Why? 2017-03-15 11:30:32 It dead simple 2017-03-15 11:30:35 *It's 2017-03-15 11:30:47 TBB: What languages do you like? 2017-03-15 11:31:17 Well I'd prefer to write my shit in Haskell, but performance is the issue so it's C =/ 2017-03-15 11:31:34 I think the root of that was that even though I've even coded in assembly for over two decades I never quite felt that knowledge transferred over to C 2017-03-15 11:32:14 the whole notation of it feels repulsive to me; it's probably just that I didn't spend enough time at it to acquire the taste for it 2017-03-15 11:33:32 asie, I'm not a programmer so what few programming needs I have I can handle with Bash and (laugh if you want to) TCL 2017-03-15 11:33:47 What's so funny about Tcl? 
2017-03-15 11:34:00 I've always had my priorities elsewhere really, I quite early in my professional life came to the realisation that coding is not what I want to do for a living 2017-03-15 11:34:19 I'm honestly scared that I will realize that as well 2017-03-15 11:34:21 I'm sitting here at uni 2017-03-15 11:34:25 I don't know asie, I've grown to quite like it and today marks my 20th year with TCL 2017-03-15 11:34:29 but I do not have a plan B 2017-03-15 11:34:41 i already know i won't try to be coding 2017-03-15 11:34:53 i always avoided it as much as possible 2017-03-15 11:35:02 and i'm proud of that 2017-03-15 11:35:04 I don't have a plan B 2017-03-15 11:35:07 I basically try to be a "general specialist", in other words, have a wide picture of things, which is why I change my professional focus once every 5 years or so 2017-03-15 11:35:09 and I'm mildly scared 2017-03-15 11:35:13 asie: you can probably find a Plan B iso somewhere 2017-03-15 11:35:30 TBB: my professional focus is life 2017-03-15 11:35:35 I wish I had a Plan @ 2017-03-15 11:35:41 TBB: so far it's working just fine 2017-03-15 11:35:49 and i use plan 9, so all is good 2017-03-15 11:36:02 if it were entirely up to me, I would be working with pool billiards instead of IT, but there's no money in it 2017-03-15 11:36:31 https://lsub.org/ls/planb.html 2017-03-15 11:36:36 i'm gonna stay in it but not program 2017-03-15 11:36:41 Hello... 2017-03-15 11:36:42 and IT has taken so much of my time especially in the last couple of years that I had to give up my national ranking ... 2017-03-15 11:36:52 wait is this #alpine-linux or #cat-v 2017-03-15 11:36:53 i'm mildly confused 2017-03-15 11:37:43 Huray! 2017-03-15 11:37:46 alpine can do ruby 2017-03-15 11:38:04 So I can try to install gitlab 2017-03-15 11:38:32 I have a router with alpine 3.2.3 and I'm trying to implement a Nagios check 'check_procs'. 
But this commands doesn't 'see' all of the processes - using '-vvv' option it seems it runs just '/bin/ps' with no additional arguments which only shows processes from my current login session. 2017-03-15 11:38:34 Alpine has reminded me that my T61 is, in fact, a supercomputer 2017-03-15 11:38:42 i mean, i always wanted to get into art, and writing sometimes 2017-03-15 11:38:54 i wanted to do a lot of other hobbyist coding etc 2017-03-15 11:38:59 but somehow i got stuck working on minecraft mods in java 2017-03-15 11:39:02 what did i do wrong 2017-03-15 11:39:32 danci1973: grsecurity limits that 2017-03-15 11:39:50 TBB: Can I do something about it? 2017-03-15 11:39:58 asie, you were afraid of the starving artist lifestyle, that's what happened 2017-03-15 11:40:00 be root 2017-03-15 11:40:11 TBB: no 2017-03-15 11:40:12 TBB: i.e. allow chec_procs to 'see' all processes? 2017-03-15 11:40:13 actually, no 2017-03-15 11:40:30 i have actively refused free money multiple times at this point 2017-03-15 11:40:53 danci1973, I'm not sure exactly how grsec limits it, just a sec 2017-03-15 11:41:02 by which i mean rejecting the usage of mod hosting services providing payouts per download (higher than the usual ad-based URL shortener, as the funding is a bit different) 2017-03-15 11:41:11 or, rather, one service in particular 2017-03-15 11:41:52 more that every time i tried doing anything outside of coding i was so dissatisfied with the results and frustration i just went back to doing what i'm already decent at 2017-03-15 11:42:04 asie: ah. 
I came to a crossroads 10 years ago where I had to decide which two of IT, pool and music production I can continue with 2017-03-15 11:42:20 i'm just horrible at anything which is not coding at this point 2017-03-15 11:42:23 this possibly includes survival 2017-03-15 11:42:42 just make easy money in IT and fund music hobby 2017-03-15 11:42:57 music never makes money so this is the way to combine it 2017-03-15 11:44:19 i should sell my small collection of retro hardware, but i don't have the heart to 2017-03-15 11:45:06 don't then? :) 2017-03-15 11:45:51 hardware is the only thing that didnt disappoint me from technology 2017-03-15 11:46:23 software is always shit, special purpose hardware doesnt even lose much value 2017-03-15 11:46:53 so i wish i had gotten more music gear even earlier 2017-03-15 11:47:05 especially when i still had more space! :) 2017-03-15 11:49:20 in my case, IT ate all the time for both pool and music 2017-03-15 11:49:42 and what it didn't was consumed by women, wine and song... 2017-03-15 11:57:43 What are flagged packages on pkgs.alpinelinux.org? They don't seem to be included in either of the APKINDEX-es 2017-03-15 11:58:39 danci1973: seems grsec limits visibility to kernel processes at least; not sure if it can be sysctl'd away, but I'm pretty sure the 'see only your own processes' mechanism is sysctlable 2017-03-15 12:03:49 Well. That was a pretty intense scroll buffer. 2017-03-15 12:38:29 TBB: sounds still kinda healthy 2017-03-15 12:38:36 <^7heo> moin hiro 2017-03-15 13:23:31 moin moin :) 2017-03-15 13:24:09 hmm, someone pointed me to this: https://bugzilla.mozilla.org/show_bug.cgi?id=1345661 2017-03-15 13:24:26 any idea what alpine's way of handling it is? or does this just affect prebuilt binaries from moz? 2017-03-15 14:12:37 dalias: look at http://git.alpinelinux.org/cgit/aports/tree/testing/firefox/APKBUILD 2017-03-15 14:12:52 --disable-pulseaudio 2017-03-15 14:13:47 until FF54 exclusive 2017-03-15 14:14:58 asie: is that official?
They said they would not delete the alsa code
2017-03-15 14:18:24 as far as i know FF54 introduces a sandbox which simply doesn't work with alsa
2017-03-15 14:18:29 so someone'd have to fix it
2017-03-15 14:18:47 they said for now they're not removing alsa and patches will still be accepted, but they won't push further fixes on their own. my interpretation is that unless someone steps up and takes ownership of alsa in firefox, it will break completely sooner rather than later
2017-03-15 14:18:57 yes
2017-03-15 14:18:59 FF54 will break it at least
2017-03-15 14:19:58 iirc someone at that bug (or another related one) offered to take ownership of alsa, but i don't recall public followups
2017-03-15 14:22:32 (fwiw, i was working for mozilla for some years till recently)
2017-03-15 14:34:30 if i understand correctly, all we need to make sandboxing work is to allow firefox to access to the alsa devices in /dev right?
2017-03-15 14:39:01 actually that's already the case https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#118
2017-03-15 14:39:26 look at line 149
2017-03-15 14:39:54 lol @ stupid bot
2017-03-15 14:46:19 15:18 asie as far as i know FF54 introduces a sandbox which simply doesn't work with alsa
2017-03-15 14:46:23 asie: what about oss?
2017-03-15 14:56:58 pa would need to escape the sandbox too, it's just that it will, and unless someone does it for alsa, alsa won't, as far as i understand
2017-03-15 15:01:23 ncopa, it would be helpful for alpine maintainers to comment on that bug report in a manner that sounds intelligent and aimed at fixing things
2017-03-15 15:03:15 hi dalias been busy with other stuff this morning. some grsecurity drama...
2017-03-15 15:03:33 yes, if grsecurity goes dark
2017-03-15 15:03:41 this is problematic for us in the short term
2017-03-15 15:03:57 wow, that firefox alsa bug on bugzilla is long
2017-03-15 15:04:00 if pax is included in that going dark, that is even worse
2017-03-15 15:04:14 kaniini: it will likely happen
2017-03-15 15:04:19 and yes, it will include pax
2017-03-15 15:05:01 i think the core of the problem is this: just tired of being disrespected and exploited
2017-03-15 15:05:30 he is not exactly the easiest person to get along with though
2017-03-15 15:05:42 i know
2017-03-15 15:06:48 co-operating with humans and kernel security are different skill sets
2017-03-15 15:07:13 dalias: --disable-pulseaudio
2017-03-15 15:07:22 dalias: is pretty much how we solve it iirc
2017-03-15 15:11:23 oh the firefox issue is drama too
2017-03-15 15:11:28 supposedly alsa is going to break
2017-03-15 15:11:32 because of the sandbox model
2017-03-15 15:11:56 intentionally break (from what i understand at quick look at it)
2017-03-15 15:12:17 yay drama
2017-03-15 15:12:18 i dont know if i have energy for more drama today
2017-03-15 15:12:19 in order to keep working it probably needs some special handling to hook it up to the sandbox
2017-03-15 15:12:22 :(
2017-03-15 15:12:45 well i will start working on drafting a -hardened APKBUILD as previously discussed
2017-03-15 15:13:02 i think PaX on its own will be easy enough to rebase
2017-03-15 15:13:27 pax will go dark too
2017-03-15 15:13:33 yes, hence rebase
2017-03-15 15:13:44 although that only buys us time :/
2017-03-15 15:13:53 because eventually it will break
2017-03-15 15:14:21 i suspect things will stop at next kernel upgrade
2017-03-15 15:14:43 4.9 -> 4.$next
2017-03-15 15:15:24 that they upstream some of the grsec feature does not make it easier
2017-03-15 15:15:52 with PaX going dark, i'm not sure what we can do really
2017-03-15 15:15:58 same
2017-03-15 15:16:01 i dont know what we can do
2017-03-15 15:16:21 we can either
try to fork PaX, or drop it and tell people if they really want the grsecurity to go buy a patch from spender
2017-03-15 15:16:21 the problem is at people level
2017-03-15 15:16:40 i don't think forking grsec is a viable way to go, it is too monolithic
2017-03-15 15:16:56 i doubt we can fork grsecurity
2017-03-15 15:16:56 imo, PaX is doable though
2017-03-15 15:17:06 right, that is what i am saying
2017-03-15 15:17:45 worst case we just have -vanilla provides=linux-grsec
2017-03-15 15:18:33 but i think PaX itself is maintainable
2017-03-15 15:18:45 i looked at it, it is not very invasive
2017-03-15 15:18:55 well, i mean, it is, but
2017-03-15 15:22:56 i'd argue alpine should just create its own patchset and build it up slowly and modularly, while keeping linux-grsec around for as long as 4.9 is supported
2017-03-15 15:23:00 (as in, by the kernel devs)
2017-03-15 15:23:37 I have an interface that needs to be setup via DHCP, but it must not get default GW from it... Is there a way I can setup /etc/network/interfaces to achieve that?
2017-03-15 15:24:44 asie: yes, that seems likely
2017-03-15 15:25:02 asie: however, we may not wish to keep 4.9 for many release cycles
2017-03-15 15:25:26 and i believe linux-alpine should then supersede both linux-vanilla and linux-grsec, being a "middle way" between the two
2017-03-15 15:29:54 while i don't have any stakes in this, i'd think that if alpine devs decide to roll out their own security system, it should not carry the name "alpine" in it. this way i think it could attract more attention and contribution for not having the image of being alpine specific
2017-03-15 15:30:02 Or to ask in a different way - can I add 'dhcpcd' options for specific interface(s) in /etc/network(/interfaces ?
2017-03-15 15:32:49 danci1973 has a good question; i don't know the answer tho
2017-03-15 15:48:10 hello, anyone there building linux kernel on alpine from source
2017-03-15 15:48:11 ?
2017-03-15 15:48:25 i have a asm/types.h not found error.
2017-03-15 15:48:34 apk add build-base
2017-03-15 15:48:35 I already install alpine-sdk
2017-03-15 15:49:03 you want build-base, alpine-sdk is for something else :P
2017-03-15 15:49:44 ah. okay. thanks @kaniini i am trying right away..
2017-03-15 15:50:00 right. I've been doing alpine packaging and stuff for a year now, and now I find out about build-base :D
2017-03-15 15:50:26 alpine-sdk is for "i want to run abuild or master a cd image"
2017-03-15 15:50:33 build-base is for "i just want to run a compiler"
2017-03-15 15:51:02 seems like build-base is already installed
2017-03-15 15:51:26 weird
2017-03-15 15:51:32 where do you see asm/types.h error then
2017-03-15 15:51:51 is there anyway i check for build-base installation like an existence of file perhaps?
2017-03-15 15:52:15 apk add build-base "\n" OK: 892 MiB in 181 packages
2017-03-15 15:52:16 danci1973: and no, i am pretty certain /etc/network/interfaces does not support dhcpcd options :(
2017-03-15 15:53:32 here is the error from make on kernel
2017-03-15 15:53:33 https://paste.debian.net/920076/
2017-03-15 15:55:03 hmm
2017-03-15 17:37:00 Can Alpine's Valgrind run musl binaries, or glibc or what?
2017-03-15 17:45:02 it can run musl binaries. not sure about others
2017-03-15 18:05:54 kaniini rkm: build-base doesn't include the linux-headers package you need to install that
2017-03-15 18:12:39 nmeum: that seems like a bug in build-base
2017-03-15 18:14:39 not really, if you want to install the build dependency for linux-vanilla just go into the abuild directory and run abuild deps
2017-03-15 20:06:12 Anyone noticing errors when fetching the main 3.5 APKINDEX?
2017-03-15 20:06:43 Seems like I've seen more temporary errors lately.
2017-03-15 20:06:55 yes, here too
2017-03-15 20:07:12 from which mirror?
2017-03-15 20:07:22 it could be a broken mirror
2017-03-15 20:07:33 or maybe some DNS problem
2017-03-15 20:07:35 Unfortunately don't know since the VM for it went down
2017-03-15 20:08:03 http://dl-cdn.alpinelinux.org/alpine/
2017-03-15 20:08:13 It's definitely not consistently failing, anyway
2017-03-15 20:10:02 I guess I could go prod the different mirrors and see if it's just one
2017-03-15 20:10:07 Nilium: when i have those dns errors, i usually reboot the host
2017-03-15 20:10:18 Well, that's basically what it's trying to do
2017-03-15 20:10:18 it's kind of annoying, but it resolves the problem quickly
2017-03-15 20:10:27 no i mean
2017-03-15 20:10:32 if a guest sees it, i reboot the host machine
2017-03-15 20:11:17 That said, don't know if it's a DNS error
2017-03-15 20:12:05 what do the errors look like
2017-03-15 20:12:06 ~reboot to fix~
2017-03-15 20:12:12 ACTION pukes
2017-03-15 20:12:20 i do not think rebooting has any effect
2017-03-15 20:12:26 this isn't windows
2017-03-15 20:12:31 i suspect what we see here is temporary DNS issue
2017-03-15 20:12:33 ;)
2017-03-15 20:12:40 like some sort of DNS micro-outage
2017-03-15 20:13:16 dl-8 works for me in NY
2017-03-15 20:13:32 kaniini: "WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz: temporary error (try again later)" is unfortunately all I ahve
2017-03-15 20:13:34 *have
2017-03-15 20:13:41 Nilium : try dl-8
2017-03-15 20:13:42 that is a dns error i think
2017-03-15 20:13:54 I'll switch it around later. It's up now.
2017-03-15 20:13:54 I'm consistently getting 503 response for that file
2017-03-15 20:13:58 http://dl-cdn.alpinelinux.org/alpine/v3.4/main/x86_64/APKINDEX.tar.gz
2017-03-15 20:13:59 i do get that from time to time
2017-03-15 20:14:03 and it is just lack of dns response
2017-03-15 20:14:07 usually works fine 2nd attempt
2017-03-15 20:14:49 scv: i only really reboot the machine if it continues to fail to work, it usually fails from inside a separate network namespace though
2017-03-15 20:15:35 (and usually only if it fails over a course of 30+ minutes with different repos and DNS settings)
2017-03-15 20:16:06 https://paste.ofcode.org/TGAtQRqM6EMw7cxEPEA9ab
2017-03-15 20:16:36 so much paste service...
2017-03-15 20:16:43 lol
2017-03-15 20:16:56 better that than paste it directly
2017-03-15 20:17:11 anyone know any good/easy to setup paste service on GAE/python ? scrunge.us works but pretty complicated ...
2017-03-15 20:17:35 do it using s3
2017-03-15 20:17:39 much easier and cheaper
2017-03-15 20:17:51 s3 ?
2017-03-15 20:17:55 Xe : s3 ?
2017-03-15 20:18:07 tmh1999: AWS s3
2017-03-15 20:18:18 it will cost you $0.00/month with low usage for a single person
2017-03-15 20:18:38 reboot is a great solution for temporary dns issues, as it's a good time waster as anything else. plus, it takes the os out, freshen it up a little, and put it back in. perfect. or like.. leave the system for few mins. this would work too..
2017-03-15 20:19:09 Xe: does it take long to setup AWS , with/without CC ?
2017-03-15 20:19:23 avih: not to mention if you had updated the kernel on the disk but haven't rebooted for it yet
2017-03-15 20:19:39 see. all the birds with one stone!
2017-03-15 20:19:39 tmh1999: it takes less effort than having this conversation
2017-03-15 20:20:07 Xe : well I am hosting my email at Google Apps. just skeptical to use another cloud provider service ...
2017-03-15 20:20:09 (i've had to make separate AWS accounts for several jobs now, it only takes 5 minutes w/ the phone verification step)
2017-03-15 20:20:26 Xe : so no CC, and free for 1 year ?
2017-03-15 20:20:33 you need a CC
2017-03-15 20:21:22 Xe : Amazon has email service you think ?
2017-03-15 20:21:40 they do, but i personally use google apps for my email because it's good enough
2017-03-15 20:21:49 and aws workmail is kinda weird
2017-03-15 20:22:35 I see. Thanks. I will give aws s3 a try. Yeah for mail I just need something with best availability. last time zoho sucked really hard
2017-03-15 20:42:34 ACTION is making good progress on splitting out each PaX feature
2017-03-15 20:43:06 <_ikke_> kaniini: ^5
2017-03-15 20:43:50 awesome
2017-03-15 20:43:55 and I don't use that word lightly
2017-03-15 20:45:10 however, i think that this patchset should be standalone like apk-tools, so maybe we should come up with some name for it
2017-03-15 20:45:11 :D
2017-03-15 20:51:55 if its not one thing is another...
2017-03-15 20:52:13 alpine repos are down
2017-03-15 20:53:34 seems it is a fastly DNS issue
2017-03-15 20:55:40 i had dns/access issues recently too, but then it got fixed
2017-03-15 20:55:58 (the main(?) apk repo)
2017-03-15 21:00:39 hello, I would like to know if it is possible to boot alpine linux from an iso image stored on a USB stick.
I saw lot of examples, but it seems that it does not work
2017-03-15 21:03:44 mileage varies
2017-03-15 21:03:52 if it is an EFI-only system, may have problems
2017-03-15 21:04:29 it is not an EFI system
2017-03-15 21:05:36 the nlplug-findfs program in initrd seems to look for something
2017-03-15 21:05:56 ohh
2017-03-15 21:05:59 try mounting
2017-03-15 21:06:05 the USB to /media/usb
2017-03-15 21:06:10 or perhaps /media/cdrom
2017-03-15 21:06:12 :)
2017-03-15 21:06:18 then just type
2017-03-15 21:06:20 exit
2017-03-15 21:06:22 and it should continue
2017-03-15 21:06:28 hum
2017-03-15 21:06:31 I will try :)
2017-03-15 21:21:54 kaniini: i confirm that it works now. I have to first mount the USB key, then the iso file inside the USB key.
2017-03-15 21:22:35 Is there something I can configure inside grub2 to avoid those manipulations ?
2017-03-15 21:31:23 hello:-D8-)
2017-03-15 21:34:03 kaniini : you know why all is in this line ? http://git.alpinelinux.org/cgit/aports/tree/main/lua-sqlite/APKBUILD#n24
2017-03-15 21:34:22 kaniini : it causes ~/package/main/all/lua*sqlite*.apk to be there
2017-03-15 21:34:36 kaniini : caused by _package() function in APKBUILD
2017-03-15 21:35:05 i dont know, seems like a bug perhaps. but youd have to ask a lua person ;)
2017-03-15 21:35:19 actually
2017-03-15 21:35:22 that is definitely a bug
2017-03-15 21:35:48 Hi I do not understand you
2017-03-15 21:36:33 kaniini : should I just strip off _package thing ?
2017-03-15 21:36:53 the :all part i think
2017-03-15 21:37:31 I want to strip off _package:all and move _package() into package()
2017-03-15 21:37:38 _package() sounds like ...
2017-03-15 21:42:27 kaniini : you are right, only :all part
2017-03-15 21:46:31 kaniini : I wish I had a teacher in college who is actually a programmer, so that he would teach his students some shell, perl, lua or at least python, rather than diving in how to OOP-ing java or MIPS hello world.
2017-03-15 21:48:29 :)
2017-03-15 21:48:56 tmh1999: find whatever teacher teaches Operating Systems
2017-03-15 21:49:05 they usually got connections like that
2017-03-15 21:50:39 kaniini: Is there something I can configure inside grub2 to avoid those manipulations (mount usb, then mount iso) ?
2017-03-15 21:51:16 i never got around to debugging that part or i would just fix it :P
2017-03-15 21:51:27 ok :p
2017-03-15 21:51:34 thank you :)
2017-03-15 22:07:18 Xe : what a shame that my *national* school does not have anyone does OS class (or I was unlucky) then the department assigned a guy who does SoftwareEngineering to do OS class
2017-03-15 22:07:26 xe : I mean, really? SE for OS class.
2017-03-15 22:08:44 Xe : I should call the dean and tell him to do a degree in OSS
2017-03-15 22:13:47 tmh1999, titles arent everything though
2017-03-15 23:25:24 does alpine-linux have "binary-blobs" or firmware in the repo?
2017-03-15 23:59:12 ericnoan: there is linux-firmware
2017-03-15 23:59:43 alright thx
2017-03-16 02:41:30 so I'm playing with rsyslog and elasticsearch. http://alpine-devel.alpinelinux.narkive.com/b6Hfu6Nu/re-alpine-add-eleasticsearch-subpackage-to-rsyslog looks like a long time ago someone supplied a patch to http://git.alpinelinux.org/cgit/aports/tree/main/rsyslog/APKBUILD to enable it... Anyone know how I would go about getting that finished?
2017-03-16 02:43:03 it looks like it would be something like 8 additional lines following the pattern for all the other sub-packages
2017-03-16 02:52:21 thetrav : you can check the log for the patch ? http://git.alpinelinux.org/cgit/aports/log/main/rsyslog/APKBUILD
2017-03-16 02:53:25 can't actually see that it's ever been applied. In fact, the archive i linked to doesn't appear to have a copy of it.
2017-03-16 02:56:06 is there a way for me to write it myself and submit it as a pull request?
2017-03-16 02:56:27 I'm happy to do the reading and leg-work if you just want to link me to a "do it like this" document?
2017-03-16 03:01:24 thetrav : what is the patch is about ?
2017-03-16 03:01:41 I am just an user though
2017-03-16 03:02:32 rsyslog has output modules. One of them allows for it to output directly to an elasticsearch endpoint. enabling it requires a so file to be copied and a --enable-elasticsearch when compiling
2017-03-16 03:02:55 the existing APKBUILD already does the same thing for mysql, postgres, redis etc
2017-03-16 03:08:34 .buffer close
2017-03-16 03:13:27 chancez ?
2017-03-16 03:15:52 first time installing alpine in vmware workstation and it's failing to boot, anyone have experience with that?
2017-03-16 03:19:09 nope, but failing how?
2017-03-16 03:20:46 I tried both the virt and standard versions of the x64 iso, for the virt iso boot hangs at the initial prompt, and with the standard version it fails with the message "Mounting boot media failed" and drops me to a prompt.
2017-03-16 03:21:32 typing exit from the prompt twice crashes the kernel
2017-03-16 03:39:44 well, digging through the init shell script in the initramfs image now, hopefully that has some clues as to what's going on here
2017-03-16 03:50:47 it's timing out in the call to nlplug-findfs which is causing the error
2017-03-16 03:50:56 using "grsec debug_init" is very helpful
2017-03-16 03:51:10 yeah sorry, I'm not going to be any help with that one
2017-03-16 03:51:18 my experience is limited to docker containers
2017-03-16 03:52:28 ah, that's okay, thanks for giving it a shot anyway
2017-03-16 03:52:50 my guess at this point is that it doesn't have the right driver
2017-03-16 03:55:00 incomplete initramfs
2017-03-16 03:55:07 I just woke up to say that
2017-03-16 03:57:36 how's it incomplete? the iso I'm using is good
2017-03-16 03:58:03 or, alternatively, incorrect boot loader configuration.
check what root= points to in it and that /etc/mkinitfs/mkinitfs.conf has the features enabled you need for booting
2017-03-16 03:58:58 alright, I'll try that
2017-03-16 03:59:48 I'd be more thorough with my reply but if I stay at the computer for two or three more minutes I won't be able to fall asleep again...
2017-03-16 05:04:02 Hi guys, I have just installed alpine linux on a VM and gotten xfce4 working, but I'm having some real trouble installing firefox-esr. Every time i `apk add firefox-esr` it complains that firefox-esr is missing, "required by world[firefox-esr]. I was able to install vim, what am I missing here? Other browsers like chromium arent installing either and I can't find anything online
2017-03-16 05:37:21 <_ikke_> suboptimal90: You probably need to add the community repository
2017-03-16 09:16:18 aw, no hot rumours to read this morning
2017-03-16 09:25:29 <^7heo> TBB: I heard that RMS and Pottering were planning to have a baby together.
2017-03-16 09:25:57 sounds like the rest of Pottering's plans
2017-03-16 09:26:41 <^7heo> Also sounds like RMS's only chance for fatherhood
2017-03-16 09:26:51 <^7heo> ACTION hides
2017-03-16 09:30:01 RMS wont be a good father
2017-03-16 09:30:44 he's not even a good person
2017-03-16 09:31:27 <^7heo> tgat is not the point
2017-03-16 09:31:31 <^7heo> that*
2017-03-16 09:31:55 not capable for an open source discussion, his mindset is encaged in a damn narrow view
2017-03-16 09:32:27 <^7heo> I honestly don't think poettering's fatherhood would be a delight either.
2017-03-16 09:32:44 <^7heo> but it's also beside the point
2017-03-16 09:33:45 <^7heo> the point was to give TBB some hot rumors, as requested
2017-03-16 09:34:24 well he got what he requested.
lets move on
2017-03-16 09:36:01 i dont like RMS
2017-03-16 09:36:16 <^7heo> not a lot of people do
2017-03-16 09:36:37 i thought hes a god to the open source community
2017-03-16 09:37:02 <^7heo> TBB: sorry you got only one meh rumor, I seem to be the only one willing to answer your call. ;)
2017-03-16 09:37:41 <^7heo> newbz: you have to filter the noise before you go crazy...
2017-03-16 09:38:27 <^7heo> newbz: any community is people too.
2017-03-16 09:39:28 <^7heo> newbz: and as everybody in our crowd knows: people, we've met enough of them. What a bunch of bastards.
2017-03-16 09:39:50 ye. its just he seems like a self loving prick relaxing on a ruleset he once made and code other people wrote based on that ruleset.
2017-03-16 09:39:57 like a politician
2017-03-16 09:42:10 <^7heo> well
2017-03-16 09:42:24 <^7heo> developers ARE politicians
2017-03-16 09:42:38 <^7heo> think about it
2017-03-16 09:43:06 im just delusioned, because he could have prevent so much if he actually could code shit
2017-03-16 09:43:16 because hes mainly right
2017-03-16 09:43:17 <^7heo> we write texts describing how individuals should behave
2017-03-16 09:43:40 <^7heo> and those individuals just happen to be machines
2017-03-16 09:44:15 given enough distance everything looks the same
2017-03-16 09:44:39 <^7heo> that's what she said.
2017-03-16 09:44:51 sweet kek
2017-03-16 10:01:35 ^7heo: it's allright, I appreciate your effort :D
2017-03-16 10:02:17 and now I should get back to debugging hplip...
I've been banging my head against that wall for two days now
2017-03-16 10:03:43 <^7heo> TBB: good headbabnging
2017-03-16 10:03:59 <^7heo> banging
2017-03-16 10:05:49 thanks, I'm pretty sure I get to enjoy it :/
2017-03-16 11:12:20 okay
2017-03-16 11:12:51 seems HP has possibly broken something; 3.6.11 suffers from that illegal opcode problem I've been babbling about, but 3.6.3 does not
2017-03-16 11:46:23 I'll have a closer look at the differences, and maybe, just maybe, if i get the latest version to work I'll actually submit it
2017-03-16 13:24:39 hm. added printer, tested, works. removed and re-added, and the illegal opcode problem returned
2017-03-16 13:27:29 TBB, illegal opcode can happen if 1) the code is compiled against newer cpu arch than you are executing, or 2) there's a bug and fortify catches the buffer overrun, it'll trigger invalid opcode exception to abort
2017-03-16 13:27:57 if earlier version used to work, it sounds like #2, and is an upstream bug
2017-03-16 13:28:12 yup, that's what it probably is
2017-03-16 13:31:17 my last lines above were the results of testing the older version, so the bug has been there for a longer time, it just seemed to meet its trigger condition less often in the old version
2017-03-16 13:39:18 found an interesting article stating compiler optimisation level can cause this problem with fortify... let's see
2017-03-16 14:14:21 ...naw
2017-03-16 14:14:29 upstream here we come
2017-03-16 14:39:21 meanwhile, cat file.pdf > /dev/usb/lp0 ... just works :D
2017-03-16 14:53:28 Hmm... Should upgrade from 3.2.3 to current release work hassle-free?
2017-03-16 14:56:27 <^7heo> danci1973: try and tell us :D
2017-03-16 14:56:39 <^7heo> (but let's go for... yeah, why not)
2017-03-16 15:00:52 Ok, will give it a go...
2017-03-16 15:42:05 is there any way to configure decrypting a system over ssh like i can do on arch?
https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_.28hooks:_netconf.2C_dropbear.2C_tinyssh.2C_ppp.29
2017-03-16 15:42:32 i'm not sure whether syslinux has the same capacity for network/ssh hooks on boot
2017-03-16 15:43:00 i assume it's possible but i wouldn't know how to begin making it work
2017-03-16 15:47:36 gentoo wiki doesn't seem to have anything either
2017-03-16 15:47:49 i'll look at this later, bbl
2017-03-16 15:56:57 why don't u just replace syslinux with whatever arch is using in that setup?
2017-03-16 15:58:36 Hi all, is --virtual still a thing? I tried to use it recently but then when I went to delete my virtual package it got rid of lots of stuff (python2, python3 etc.) which I _hadn't_ added to my --virtual=.build-dependencies
2017-03-16 15:59:04 tech2_: what are the virtual deps?
2017-03-16 15:59:28 Xe: boost-dev build-base git graphicsmagick-dev libffi-dev openssl-dev python3-dev
2017-03-16 15:59:57 do you have the full command you used to create the virtual with?
2017-03-16 16:00:06 (and the output of it if possible)
2017-03-16 16:02:10 Xe: http://dpaste.com/19GG046 (output)
2017-03-16 16:02:50 Xe: apk add --update --no-cache --virtual=.build-dependencies boost-dev build-base git graphicsmagick-dev libffi-dev openssl-dev python3-dev && apk del .build-dependencies
2017-03-16 16:02:59 aight
2017-03-16 16:03:09 lemme set up an edge container and confirm that behavior
2017-03-16 16:03:11 sec
2017-03-16 16:03:15 thank you
2017-03-16 16:04:27 it's running tech2_
2017-03-16 16:04:54 cool, shouldn't take long (I hope) :)
2017-03-16 16:05:25 yeah
2017-03-16 16:05:35 the big slowdown is the rotational drives of my server
2017-03-16 16:06:52 Xe: No pressure. Worst case I just go back to removing things the old fashioned way.
2017-03-16 16:07:01 yeah
2017-03-16 16:07:15 also, something you might want to look into that has made my alpine experience better
2017-03-16 16:07:32 https://github.com/erikh/box
2017-03-16 16:08:31 it allows me to go from this: https://github.com/Xe/dockerfiles/blob/master/lang/go/Dockerfile to this: https://github.com/Xe/dockerfiles/blob/master/lang/go-mini/box.rb
2017-03-16 16:09:04 Xe: Sadly not really an option for me, we're quite strongly tied to docker-compose as part of the build tool-chain, but thanks :) Maybe I'll get to use it outside of work.
2017-03-16 16:09:07 tech2_: it will remove dependencies of the dependencies you installed
2017-03-16 16:09:38 kaniini: well, yes, but only if they're orphaned I'd hope?
2017-03-16 16:10:11 tech2_: if they are only being added by that .build-dependencies virtual, then they would be orphaned
2017-03-16 16:10:15 tech2_: ah, shame D:
2017-03-16 16:11:21 kaniini: Some of the packages are installed prior to me installing the build deps (python2, python3, binutils...), why are they being removed?
2017-03-16 16:11:40 in your output, they are not
2017-03-16 16:11:52 there are 53 build dependencies being installed, and 53 being removed
2017-03-16 16:11:57 and they are the same
2017-03-16 16:12:13 for example, nginx is not being removed, nor is boost-python3 :)
2017-03-16 16:15:08 kaniini: so I may have been reliant on side-effects of leftovers in the past?
2017-03-16 16:15:41 yes, i would say so
2017-03-16 16:18:25 Thanks, will try again with some more specific selections.
2017-03-16 16:38:45 kaniini: thanks for the nudge, that seems to have fixed things
2017-03-16 16:40:36 I'm quite surprised that boost-python3 doesn't have python3 as a dep?
2017-03-16 16:41:15 could be broken
2017-03-16 16:41:23 try it and see :p
2017-03-16 16:42:16 kaniini: as per above "for example, nginx is not being removed, nor is boost-python3" - but python3 was removed for some reason.
2017-03-16 16:42:36 python3 was installed too
2017-03-16 16:42:38 your point? :p
2017-03-16 16:43:10 (as a build dep)
2017-03-16 16:44:06 kaniini: python3 should (imho, of course) have been installed as a dep of boost-python3, and therefore not removed when the build dependencies were.
2017-03-16 16:45:50 that is a defect of the boost-python3 package then
2017-03-16 16:57:45 tech2_: tbh i personally use two virtuals when i have to docker-compile things
2017-03-16 16:57:54 one for run, one for build
2017-03-16 16:57:59 kinda like how abuild works
2017-03-16 16:58:24 also i've been moving to making APKBUILD files for things instead of just containers
2017-03-16 16:58:36 kaniini: is there /etc/apk/repositories.d?
2017-03-16 17:07:31 Xe: yes
2017-03-16 17:10:27 Xe: apkbuild?
2017-03-16 17:11:00 tech2_: basically making stuff into packages instead of one-off in dockerfiles
2017-03-16 17:11:12 about half of it is so i could reuse things like that
2017-03-16 18:57:53 ncopa: why does ncurses-terminfo-base exist, if every terminal pkg (tmux,st,etc.) requires ncurses-terminfo with all ancient terminal profiles. shouldn't -terminfo be a complement for -terminfo-base?
2017-03-16 19:06:42 Package build logs are 404 on the pkgs.alpinelinux.org web site
2017-03-16 21:19:25 I have a chroot set up with /dev binded using mount --bind and when I try to output sound using "cat /dev/urandom | aplay" it says that the resources are busy. Outside the chroot everything works but inside it doesn't
2017-03-16 21:37:40 you need to liberate the chroots from the slavemaster that is grsec!
2017-03-16 21:41:26 wield your -w longsword of sysctl and cut their chains!
2017-03-16 21:41:57 (no seriously, that's how you do it, I'm just trying to make it less dull than it is)
2017-03-17 01:51:58 anybody awake/around?
I'm wondering if there's documentation about the configs=usb option of setup-alpine
2017-03-17 01:56:34 basically looking for a way to run from ram, loaded from a usb stick, with configs/overlays saved back to that usb stick...and data/var on a local ssd
2017-03-17 02:43:36 so I've found https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package and followed the instructions to modify the rsyslog package to include elasticsearch support... apkbuild -r seems to compile everything correctly, however I'm not sure how to test my built package
2017-03-17 02:44:02 15:56:57 < yGweSm1OzVHe> why don't u just replace syslinux with whatever arch is using in that setup?
2017-03-17 02:44:18 i guess i could, whether thats less or more effort than any alternatives..
2017-03-17 02:44:22 i can always find out though
2017-03-17 02:46:01 erm, abuild -r, not apkbuild -r
2017-03-17 02:48:05 ok, so there's a packages folder in my ~
2017-03-17 02:48:13 it contains the apk's I want
2017-03-17 02:48:21 so I guess I just install the apk from the file
2017-03-17 03:06:29 i may try an initramfs to load sshd + cryptsetup then i can just run the cryptsetup command over ssh directly
2017-03-17 03:06:39 thanks
2017-03-17 03:23:25 I've never quite understood that security setup
2017-03-17 03:26:39 https://bitbucket.org/piotrkarbowski/better-initramfs/
2017-03-17 04:02:19 ephemer0l: interesting
2017-03-17 04:02:29 maybe we should make an initramfs-generator virtual
2017-03-17 04:03:57 kaniini: Most of the way to supporting that already :)
2017-03-17 04:04:15 TemptorSent: i mean for installed systems
2017-03-17 04:04:38 kaniini: Yeah, me too :)
2017-03-17 04:04:39 TemptorSent: mkimage is only for building live cd
2017-03-17 04:04:51 kaniini: Nope, it builds kernel configs now too.
2017-03-17 04:05:35 kaniini: mostly because update-kernel was incapable of filtering the content of modloop.
2017-03-17 04:05:46 TemptorSent: sure, but i mean, mkimage is only meant for live media
2017-03-17 04:05:59 TemptorSent: if you install alpine to a disk, it is not used
2017-03-17 04:06:16 kaniini: Well, mkimage is, but the toolset can essentially build any part of it too with a little tweaking.
2017-03-17 04:06:39 kaniini: Such as generating new overlays with configs for features baked in.
2017-03-17 04:07:00 how does that involve an already installed system
2017-03-17 04:07:21 kaniini: There really isn't any difference between a running system and an image except for a couple install directories and twiddling mounts.
2017-03-17 04:09:36 kaniini: mkimage is a misnomer at this point, as it can make any part of a filesystem you want, including a just a chroot or just a kernel/modloop/initramfs set.
2017-03-17 04:10:32 TemptorSent: okay and how do i use it to upgrade my pre-existing system
2017-03-17 04:10:38 TemptorSent: how do i install new packages
2017-03-17 04:10:39 kaniini: mkimage is a short script which processes the command line and invokes the build.
2017-03-17 04:11:06 kaniini: I've been drawn here by finding this project's site. I've got issues with its sponsor. more -offtopic related, though. So I thought I'd lurk here, but couldn't help but share that link.
2017-03-17 04:11:40 you're either missing my point or you've created something that we will never merge
2017-03-17 04:11:44 i'm not sure which ;)
2017-03-17 04:11:51 kaniini: I haven't added the glue yet, but I plan to allow adding features to an existing system the same way they get added to the image -- an overlay
2017-03-17 04:11:52 who's to say.
2017-03-17 04:12:21 TemptorSent: and the people who do not want to use any of this stuff and just want to use apk add/del as they always have?
2017-03-17 04:12:22 kaniini: That's why I was asking about the semantics of apk used in init .
2017-03-17 04:12:50 none of my alpine installs except hypervisors run from ram or do any of that stuff
2017-03-17 04:12:59 i just maintain them with apk
2017-03-17 04:13:18 i would argue most alpine installs are this way
2017-03-17 04:13:20 Go for it, it doesn't force anything, and the intent was for it to totally stand alone, just allow it to generate the necessary overlays and call apk.
2017-03-17 04:13:29 oh
2017-03-17 04:13:30 oh
2017-03-17 04:13:32 oh
2017-03-17 04:13:38 you're making something like debian's tasksel?
2017-03-17 04:13:54 ? Sorry, haven't used that.
2017-03-17 04:13:55 where you say "i want gnome" for example and it does the necessary steps
2017-03-17 04:14:04 or "i want a voip server"
2017-03-17 04:14:07 or whatever
2017-03-17 04:14:14 Oh, sorta -- yeah, it can do that.
2017-03-17 04:14:25 okay. you were scaring me
2017-03-17 04:14:31 ephemer0l: what sponsor is that?
2017-03-17 04:14:42 such as 'feature_ssh autostart autogenerate'
2017-03-17 04:14:52 kaniini: the one listed on this project's site
2017-03-17 04:15:00 ephemer0l: which?
2017-03-17 04:15:04 oh
2017-03-17 04:15:05 scaleway
2017-03-17 04:15:06 oh
2017-03-17 04:15:09 oh
2017-03-17 04:15:11 i see
2017-03-17 04:15:13 tbh
2017-03-17 04:15:17 i do not even know why we have that page
2017-03-17 04:15:22 It currently adds the required links to an overlay, generates keys, adds the appropriate set to the overlay, etc.
2017-03-17 04:15:32 there's more than just those two companies sponsoring infrastructure
2017-03-17 04:15:50 but hey, at least i do not have to tell you about how docker does not own alpine because it hired some alpine devs
2017-03-17 04:15:52 ;)
2017-03-17 04:16:38 To have it work on a live system, all you'd have to do is have it call "apk add $pkgs < $overlay.tmp"
2017-03-17 04:16:38 kaniini: I find myself sharing this more and more... https://www.youtube.com/watch?v=PivpCKEiQOQ
2017-03-17 04:17:08 It doesn't manage anything, it builds configurations.
2017-03-17 04:17:19 TemptorSent: yeah i get it now
2017-03-17 04:17:24 https://github.com/p8952/bocker
2017-03-17 04:18:04 So updating a kernel / using a modular initramfs generator would be a trivial extension, as it just replaces one function call.
2017-03-17 04:19:10 About all it really tries to do tricky is allow overlays to be dep-based like openrc scripts so they apply correctly and have the right features enabled to work.
2017-03-17 04:19:55 TemptorSent: yeah, so basically it's like tasksel but sane
2017-03-17 04:20:03 That part I have a little clean-up work to do on, as I don't like the current repeated calls.
2017-03-17 04:20:12 Take a look, you tell me if it's sane :)
2017-03-17 04:21:01 well it seems to me like
2017-03-17 04:21:12 these tools should be outside aports tree, in packages
2017-03-17 04:21:18 if this is the new scope of them :)
2017-03-17 04:21:34 It basically builds a system or parts thereof of your choosing based on profiles, features, and overlays (more or less) and having the implementations for things like bootloaders, image types, kernels, archs, abstracted out so they can be added and modified easily.
2017-03-17 04:21:58 that seems like it is outside of the scope of the aports tree
2017-03-17 04:22:00 :P
2017-03-17 04:22:03 kaniini: That's the plan as soon as it reaches a point of reasonable usability and has had some review.
2017-03-17 04:22:33 Right, it will be at the same strata as mkinitfs or the like.
2017-03-17 04:22:37 TemptorSent: why not develop it outside the tree and then integrate it in later?
2017-03-17 04:22:48 because the original was already in the tree
2017-03-17 04:22:52 Xe: It started as mkimage :)
2017-03-17 04:23:10 ephemer0l: haha
2017-03-17 04:23:31 Xe: Well, it started as me fixing alpine-iso to do what I needed... then I found out that was deprecated and got pointed at mkimage a few weeks ago.
2017-03-17 04:24:17 It's gotten as bad as this :) https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage
2017-03-17 04:24:36 although i have a question
2017-03-17 04:24:42 why shell for the profiles
2017-03-17 04:24:45 why not just use yaml
2017-03-17 04:24:45 Shoot.
2017-03-17 04:24:54 and redo the whole thing in lua/python/whatever :p
2017-03-17 04:25:52 because then A: I'd have to parse yaml and B: I couldn't get away with the disgusting but useful tricks I used and still have it work with essentially no added packages required for most operations.
2017-03-17 04:27:22 TemptorSent: write it in go and then ship a static binary
2017-03-17 04:27:26 As it is, the script will happily run with nothing but busybox, apk, and the minimal crypto sig tools I believe if you redefine APK=apk rather than APK=abuild-apk
2017-03-17 04:27:42 *LOL* you're sick Xe, you know that? :)
2017-03-17 04:27:52 actually, i am
2017-03-17 04:28:09 What's next, haskell?
2017-03-17 04:28:18 it is packaged in testing
2017-03-17 04:28:26 I'd go back to make before I did that!
2017-03-17 04:28:33 and you can build static binaries in haskell pretty easily thanks to musl
2017-03-17 04:28:41 Actually, I had the make implementation working surprisingly well.
2017-03-17 04:28:45 it's actually eerily trivial
2017-03-17 04:29:06 Xe, Yeah, I'm trying to get the entire image down to < 20MB
2017-03-17 04:29:45 nim?
2017-03-17 04:29:51 it shits out microbinaries
2017-03-17 04:29:56 Actually, I'd love to see a really stripped down setup for things like routers, but that might be asking too much.
2017-03-17 04:30:14 alpine-base and iptables is too much for you?
2017-03-17 04:30:32 Hmm, yeah.. but what's the chance that anyone who wants to make a custom whatever could figure it out?
2017-03-17 04:30:56 unless you have the guile to do it in scheme
2017-03-17 04:31:02 kaniini alpine-baselayout and deps are actually a bit too much for skel really :)
2017-03-17 04:31:22 Xe: Punny one, ain't'cha?
2017-03-17 04:32:09 I prefer my hsilop notation.
2017-03-17 04:33:18 you could also hand-write some assembly that calls into C functions to do things like yaml parsing
2017-03-17 04:34:27 TemptorSent: btw i am just pulling your leg, it's great that stuff that is so core can be improved like that :D
2017-03-17 04:35:29 Xe: Don't tempt me -- I've written 8051 assembler to a uC using a basic loader and opcodes to write a new interrupt vector handler and monitor so I could use it for my own purposes :)
2017-03-17 04:36:16 having a tasksel-like frontend to it would be a major win
2017-03-17 04:36:32 i've been wanting to make an EFI bootable ISO of alpine so I could unblock myself on getting alpine on my EFI-only boards, improvements to making an iso will be great
2017-03-17 04:36:48 kaniini: It's somewhat like funtoo's extended profiles.
2017-03-17 04:37:10 what if this could be a feature of ACF?
2017-03-17 04:37:37 I just realized there's only a version of py-gst for gstreamer 0.10 and none for gstreamer1, are there plans to add a package for it?
2017-03-17 04:37:39 Xe: Take a look, I implemented what existed as far as getting the iso to utilize both the grub2 and isolinux loaders, so it shouldn't be far off.
2017-03-17 04:38:05 I haven't looked at ACF yet in any depth, but I suspect it would be able to dovetail nicely.
2017-03-17 04:39:17 And I'm eventually going to cannibalize mkinitfs into a plugin to make the granularity there much finer when desired
2017-03-17 04:39:53 And I'm tempted to just fork lddtree and include my own version of that too, because it seems the upstream is constantly broken
2017-03-17 04:40:30 But that can all just be done as a separate directory to add to the core as needed if we want to trim it down.
2017-03-17 04:41:05 Part of what I want to accomplish is to only distribute out what's needed to rebuild itself with an image.
2017-03-17 04:41:57 Making regenerating an existing configuration with refreshed packages becomes simple and repeatable.
2017-03-17 04:44:18 I haven't gotten there yet, but I'd like to have the build system make a tarball of everything needed to make the target system and nothing else.
2017-03-17 04:44:21 TemptorSent: okay but having something like tasksel would be nice :P
2017-03-17 04:44:53 kaniini: Okay, what do we need for the desired functionality compared to what I have currently implemented?
2017-03-17 04:45:00 https://www.howopensource.com/2013/05/install-lamp-server-using-tasksel-in-ubuntu-13-04-12-10-12-04/
2017-03-17 04:45:03 not sure, but that's how it works
2017-03-17 04:46:14 Oh, gotcha -- yeah, no purdy menu interface yet.
2017-03-17 04:47:56 Actually, it already does a lot more than that it looks like, including allowing for selection between multiple providers for a feature (dropbear/openssh) (isc(dhcpd/dhclient),dhcpcd(client only),busybox(udhcp[cd]) )
2017-03-17 04:49:07 So mostly what it would need to do is spit out an overlay it looks like, and call apk for the packages.
2017-03-17 04:49:45 Nothing preventing the current architecture from doing that with some very minor modifications.
2017-03-17 04:50:58 But what I need to know to proceed is how apk handles the apk add ... --overlay-from-stdin < $ovlfiles construct.
2017-03-17 04:52:21 Some of the overall logic should be cleaned up a bit to support that better, and I've been working my way in that direction, so it should actually be clean soon.
2017-03-17 04:54:50 So I guess it's currently a file-driven tasksel + overlay builder + modloop generator + bootloader setup&configurator + kernel configurator, but not yet mkinitfs.
2017-03-17 04:56:00 Take a look at the tree and you'll see what I mean I think.
2017-03-17 04:57:45 I'm currently working on splitting out the base overlay into a new overlays dir so we can easily support multiple base overlay types as needed and still use the rest of the profile (as you can with profile_base)
2017-03-17 04:59:36 That way you can build the same effective configuration to run on anything from x86_64 iso to rpi, uboot, etc on arm, to whatever flavor of rootfs, container, or vm image you want.
2017-03-17 05:01:16 And also build configs where no apk bootrepo is shipped and it's all fetched from within the initramfs.
2017-03-17 05:03:32 It's actually simple enough to run in an initramfs, so a config could be built directly to $sysroot before switch_root.
2017-03-17 05:04:43 ...and the overlays applied before openrc starts services.
2017-03-17 05:07:00 Adding the ability in the overlays to check for running services would be easy enough where needed (such as building a DB image), so we can just dump them in where needed (overlayfs or bind mounts work)
2017-03-17 05:07:38 Once loaded, dump the loader if you want :)
2017-03-17 05:09:34 seems to me
2017-03-17 05:09:50 we could use this to actually replace the current alpine installer (i.e. none)
2017-03-17 05:11:25 Basically, anything you want for a plugin, just create a plugin file and define plugin_whatever.... then the plugin loader will automatically load files called whatever_ as well as the rest, and will check all loaded files for functions called whatever_whatnot() {
2017-03-17 05:13:22 kaniini: Yeah, right now I'm working on writing a lights-out (well almost, going to require customer to confirm wiping drives at boot) zfs based installer with preinitialized database, preestablished SSH keys, directory monitoring with incoming archive testing, extraction, ETL, and cold storage.
2017-03-17 05:15:02 I'm currently writing the actual zpool/fs creation bit as a script specific to their system, but it could easily be generated with a little fiddling.
2017-03-17 05:15:36 Once I've written the same thing more than two or three times, I write something to generate it for me :)
2017-03-17 05:17:15 ZFS is a bit different than most FS configs, in that I'm not partitioning anything, rather essentially setting up a hierarchy of filesystems.
2017-03-17 05:32:39 fabled: Thank you! Can I use it to specify files NOT to be written regardless of origin as well if I wish? A general mask essentially?
2017-03-17 05:33:36 fabled: And does it glob?
2017-03-17 05:53:58 TemptorSent, it can be used regardless of origin. it expects a filelist and is not a glob.
2017-03-17 05:59:01 fabled: Thank you.
2017-03-17 06:44:10 kaniini: Ok, it looks like we can probably apply overlays sanely to an existing system, so that should be a matter of writing an imagetype plugin for it.
2017-03-17 07:06:20 kaniini: So, what do we want in an installer, since most of it's there?
2017-03-17 07:36:47 the stuff we have now in the kind of installer ;)
2017-03-17 07:38:33 kaniini, we are waiting for that gtk installer ;-)
2017-03-17 07:39:25 well if there is a clean separation between asking the needed questions, a gtk installer would be pretty easy
2017-03-17 07:40:39 I was referring to your latest apk-gui :)
2017-03-17 07:41:45 working on kernel stuff this weekend sorry ;)
2017-03-17 07:47:34 or maybe not
2017-03-17 07:47:38 this PaX stuff is a mess
2017-03-17 07:48:39 and the more i think about it, the more i come to the conclusion that for the typical deployment, application-level containment is a much larger win
2017-03-17 07:48:54 PaX is great, but it becomes pointless the second you install PHP
2017-03-17 07:49:29 also i found a lot of arguably bad code in PaX outside of the arch/x86 implementation
2017-03-17 07:49:38 i would not trust PaX on parisc, for example ;)
2017-03-17 07:49:44 it probably does not actually boot
2017-03-17 07:56:21 I probably don't need to tell you they're technologies that complement each other, PaX and containers.
2017-03-17 07:56:51 after all, you're the one hacking on it :)
2017-03-17 07:56:54 you really don't
2017-03-17 07:56:56 :D
2017-03-17 07:57:20 however, PaX doesn't really do you much good when the real goal of an attacker is just to fuck up a website 99.9% of the time
2017-03-17 07:57:23 :P
2017-03-17 07:57:29 and having seen the sausage....
2017-03-17 10:46:45 kaniini, TBB what are you referring to that you are hacking on; something like what oz from subgraph os does?
2017-03-17 10:47:52 kaniini is looking at PaX
2017-03-17 10:48:16 since the situation with grsecurity is getting worse and worse, some mitigative steps need to be taken
2017-03-17 10:48:45 yeah I'm aware of the situation, sad times
2017-03-17 10:50:14 TBB, this is what I was talking about https://subgraph.com/sgos-handbook/sgos_handbook.shtml#sandboxing-applications-with-subgraph-oz
2017-03-17 10:50:32 the kernel is grsec and it uses pax and container technologies to isolate apps
2017-03-17 10:50:54 not for long
2017-03-17 10:51:20 I'll have a look tho as soon as I get time, but the problem is that grsecurity won't be available soon
2017-03-17 10:52:09 yeah I'm aware as are the subgraph devs, as are the hardened linux people ):
2017-03-17 10:53:28 ah, so there's some movement in the community!
2017-03-17 10:53:54 that's good to hear; losing grsecurity will be a huge loss
2017-03-17 10:56:24 yeah the opensuse-gardened dev is also aware
2017-03-17 10:57:31 I wonder what the KSPP are thinking
2017-03-17 10:59:13 probably where they can get the resources to do development of the same level and quality as grsec :)
2017-03-17 11:00:35 there's a lot of sports-related spam on the forum, and nobody seems to pay any attention to it
2017-03-17 11:04:45 imv, can you provide me a link to it?
2017-03-17 11:07:30 imv, i cleaned it up.
2017-03-17 11:09:28 clandmeter, thanks
2017-03-17 11:10:44 if there are users that often visit the forum and would like to help maintain it, please drop an email to alpine-infra@alpinelinux.org
2017-03-17 11:11:44 for ppl who dont like mailing lists, you can also PM me.
2017-03-17 15:26:46 Where can I go to find out information about how Alpine linux is built? Specifically I am trying to figure out if Alpine linux was built on-top-of Busybox or if it was completely built from the ground up?
2017-03-17 15:50:10 built from ground up -- we just use busybox for /bin/ls and so on
2017-03-17 17:07:54 man, this stupid zfs/docker issue is driving me bonkers
2017-03-17 17:35:32 there's gotta be a guide for writing openrc init scripts somewhere..
2017-03-17 17:41:54 TemptorSent: you around?
2017-03-17 17:42:11 Klowner: what sort of docker/zfs issue are you having?
2017-03-17 17:43:09 https://github.com/docker/docker/issues/24403
2017-03-17 17:43:21 failing to destroy the zfs dataset because it's "in use"
2017-03-17 17:43:54 can't delete until dockerd is restarted
2017-03-17 17:44:07 looks like running dockerd with `unshare -m` might fix it?
2017-03-17 17:45:08 Klowner: not sure, yeah I have run into those same issues. I've also done `unmount /var/lib/docker/zfs` then `zfs unmount` too, docker wasn't unmounting the zfs subdir for some reason
2017-03-17 17:45:20 Is Alpine affected by this CVE: https://vuldb.com/?id.96893 If so is it being tracked somewhere?
2017-03-17 17:46:22 it was but that's old
2017-03-17 17:46:26 Hi mmlb, how's it going?
2017-03-17 17:46:26 the date on it is wrong
2017-03-17 17:47:05 TemptorSent: o/ pretty good yourself? Saw that you added some cross-arch fixes.
2017-03-17 17:47:29 looks like a crappy vuln-scraping site
2017-03-17 17:47:57 <_ikke_> ChrisRut: https://github.com/alpinelinux/aports/commit/f23c8c854458f4ed03157bba8603ce1248c34d3a
2017-03-17 17:48:20 mmlb: I had it building aarch64 uboot images happily until I went and created my own local repo for my work on x86_64 -- now apk pukes out a warning that breaks the pipe every time I try to pull packages on aarch64 | tar
2017-03-17 17:48:59 mmlb: It should still work as long as you don't have my particular flavor of hell :)
2017-03-17 17:49:02 ohh nice, I'll definitely give that a try then
2017-03-17 17:49:04 heh
2017-03-17 17:49:29 mmlb; Any other bootloaders should work too, but haven't been tested.
2017-03-17 17:50:13 TemptorSent: I come to you today in search of mkimage.sh generating just kernel and initramfs for ramdisk use only any thoughts?
2017-03-17 17:50:16 what the hell is an "Integer buffer overflow" ?
2017-03-17 17:50:24 it's either one or the other
2017-03-17 17:50:35 mmlb: And I created a skel profile that you should be able to use as the base for whatever you want.
2017-03-17 17:51:09 TemptorSent: oic minirootfs?
2017-03-17 17:51:32 mmlb: I haven't explicitly made it do that yet, but if you give it a profile it will spit out the necessary files in the workdir.
2017-03-17 17:52:02 dalias> the date on it is wrong
2017-03-17 17:52:11 mmlb: Basically, but it's a normal profile and can be used by others.
2017-03-17 17:52:11 You don't say. It's not even undecember yet
2017-03-17 17:52:54 odc: TRE & musl libc regex integer overflows in buffer size computations
2017-03-17 17:53:13 http://www.openwall.com/lists/oss-security/2016/10/19/10
2017-03-17 17:53:24 TemptorSent: I'll mess with it now. I'm trying to update our pxe booting alpine from 3.2.2 to 3.5.2 for x86_64, but am stuck trying to get udhcp to work
2017-03-17 17:53:28 that's clearer.
Thanks scv
2017-03-17 17:53:43 presumably as it's an older vuln it's patched
2017-03-17 17:53:49 Thanks _ikke_
2017-03-17 17:55:10 TemptorSent: I've got 2 use cases. 1st is boot with packer, install docker and build an image. Second is pxe boot on host, install docker and use said image to install os to disk, reboot
2017-03-17 17:55:20 mmlb: Oh, yeah - take a look at features/dhcp -- it should be able to autostart udhcpc for you.
2017-03-17 17:55:31 for x86_64 and aarch64
2017-03-17 17:55:35 will do
2017-03-17 17:55:58 mmlb: Why do you need the docker image to install the os on disk?
2017-03-17 17:56:49 idk, thats just the way things were done when I got on board here. No real reason why I can't do it from alpine, but 1 fire at a time
2017-03-17 17:57:16 mmlb: Okay... but I think you can PXE boot the image directly just fine.
2017-03-17 17:57:35 mmlb: ooo, I think I may have gotten something
2017-03-17 17:58:09 mmlb: I'll look at hacking up the init script to make it even easier, since I'm doing it anyway to autoinstall ZFS.
2017-03-17 17:58:11 TemptorSent: which image can be pxe booted?
2017-03-17 17:58:41 mmlb: Any of them given the appropriate bootloader config I suspect.
2017-03-17 17:59:02 nope..
2017-03-17 17:59:03 mmlb: What are you using currently?
2017-03-17 17:59:32 TemptorSent: I'm confused right now, what am I using for what?
2017-03-17 17:59:45 Klowner: Note: using the new mkimage, not the existing images)
2017-03-17 18:00:03 mmlb: What bootloader are you using to pxe boot your images?
2017-03-17 18:00:41 TemptorSent: ipxe'ing kernel and initrd
2017-03-17 18:01:18 mmlb: Oh, that's even easier, no weirdness from some vendor.
2017-03-17 18:01:34 yeah
2017-03-17 18:02:46 I'm testing the update to 3.5.2 locally with qemu doing straight kernel, initrd (extracted out of release iso) but was hanging on ip=dhcp arg with an error about AF_PACKET(2,8)
2017-03-17 18:03:11 decided to come here and check your progress before hacking up extracted files
2017-03-17 18:03:57 mmlb: Hmm, not sure why the kernel isn't getting it done itself, but the initrd should be able to handle that? If not, it needs to :)
2017-03-17 18:05:04 mmlb: Take a look at the /etc/mkinitfs/features.d and see if any of them include the required files as is, that's the next major project to getting this whole mess cleaned up.
2017-03-17 18:05:42 mmlb: The default settings for the initrd don't include network fs stuff, so you'll be SOL if you need to nfs mount root or whatnot unless you roll your own.
2017-03-17 18:05:45 TemptorSent: I attributed it to missing modloop so not having AF_PACKET modprobe'd
2017-03-17 18:06:28 mmlb: Right. I've taught mkimage how to build modoops too, and have a TODO to include filtering of included modules there as well.
2017-03-17 18:06:31 TemptorSent: nope no network fs stuff, just modloop, but if I can just have initrd with what I need then thats even better
2017-03-17 18:06:37 er, modloops.
2017-03-17 18:07:17 mmlb: Yeah, you can bake-in whatever you need in the initramfs and forego the modloop entirely in many cases.
2017-03-17 18:07:47 I guess I should get on with pushing my changes to mkinitfs as it currently stands.
2017-03-17 18:08:01 less pieces is better for me, if I could have initrd baked into kernel then that would just be grand :D
2017-03-17 18:08:37 mmlb: That will take a bit more doing, since we'd have to build a kernel from scratch to include it directly, but it's not impossible.
2017-03-17 18:08:49 I just haven't done more than stub the custom-kernel code yet.
2017-03-17 18:09:22 yeah getting kernel initrd is great right now
2017-03-17 18:16:09 mmlb: Anyway, it looks like if we can get it pulled together, this might hit mainline by 3.6. Much testing needed :)
2017-03-17 18:18:09 mmlb: So if anything major needs to be reworked, I'd love to hear about it sooner than later.
2017-03-17 18:20:39 TemptorSent: I'll be testing it for my use cases and will surely let you know
2017-03-17 18:21:31 mmlb: Excellent. I expect a fair amount of breakage in untested sections, but nothing that should be too major to fix.
2017-03-17 18:22:31 mmlb: I don't like the way I'm currently doing a couple of things because they make things a bit hard to follow, but those are on my short list to rework.
2017-03-17 18:23:32 TemptorSent: yeah i've done a little bit of jumping around but nothing seems horrible/insurmountable
2017-03-17 18:24:01 mmlb: The overlays being overloaded being the primary one -- the deps will move to their own functions so we don't have multiple-calling issues.
2017-03-17 18:24:21 ahh yeah, I'm skipping the overlays ;)
2017-03-17 18:24:42 mmlb: And a general deps resolver would be good.
2017-03-17 18:25:09 true, but I wouldn't want to make this wait on that seems sorely needed
2017-03-17 18:26:02 mmlb: I have a (mostly untested) deps resolver for the overlays to help make sure they apply in the right order, but haven't messed with the rest yet.
2017-03-17 18:27:21 mmlb: Basically, it doesn't break things currently with no deps in use, but it hasn't been tested against more than the simplest dep trees.
2017-03-17 18:35:41 TemptorSent: --profile virt does not seem to build initramfs into iso
2017-03-17 18:36:27 Hang on a sec, I may have not pushed a change.
2017-03-17 18:37:20 TemptorSent: also looks like the device tree step adds a space to the working dir at the end
2017-03-17 18:38:03 Well crap, I just ran out of space on my device.
2017-03-17 18:38:13 This might take a while.
2017-03-17 18:38:17 :D
2017-03-17 18:40:30 mmlb: Okay, wiped the working directory, back in business.
2017-03-17 18:40:46 mmlb: Attempting build of virt now.
2017-03-17 18:40:53 kk
2017-03-17 18:41:45 mmlb: Where did you see the space in the device tree step? I haven't tested that code path yet.
2017-03-17 18:42:42 https://gist.github.com/mmlb/a24820c1cd69fe4614dad2cb5d64388f
2017-03-17 18:42:44 mmlb: Never mind, found.
2017-03-17 18:43:30 sorry I assumed it was in dt step, should have worded a bit better
2017-03-17 18:44:14 mmlb: fix pushed, it was in device tree step, had a space in a mkdir command.
2017-03-17 18:44:31 yup just pulled
2017-03-17 18:45:22 TemptorSent: seeing symbolic link loop, normal?
2017-03-17 18:45:33 mmlb: It's building for me for x86_64 it seems.
2017-03-17 18:45:49 mmlb: Where's the link loop?
2017-03-17 18:46:34 hmm let me see something
2017-03-17 18:47:39 cp: can't stat './kernel_stage_devicetree-tmpworkker-843872e6e3445ddc88f2aa9fcff10614ad8d23f8.work/kernel_stage_devicetree-tmpworkker-843872e6e3445ddc88f2aa9fcff10614ad8d23f8.work/...... until it fails
2017-03-17 18:48:15 TemptorSent: note I have `--work=/tmp/work` tried again after adding `/` to the end and no problems, went back to missing `/` and also worked
2017-03-17 18:48:48 mmlb: Woah, that's odd. Must have missed a -p on a mkdir?
2017-03-17 18:50:10 hmmm idk, I just blew the work dir away and tried it both ways and had no problems. Maybe something from before I pulled
2017-03-17 18:50:46 TemptorSent: now stat errors in `overlays-alpine`: cp: can't stat './.ovlroot/etc/runlevels/sysinit/devfs': No such file or directory
2017-03-17 18:51:49 TemptorSent: see gist for new file with errors
2017-03-17 18:52:00 I'll be back in about an hour
2017-03-17 18:53:39 mmlb: Hmm, what FS is that on?
2017-03-17 18:54:59 zfs
2017-03-17 18:55:05 ohh
2017-03-17 18:55:20 hmm I can move to xfs
2017-03-17 18:55:42 mmlb: Okay - It looks like that's dying in the merge cp -lR may not be happy.
2017-03-17 18:56:01 TemptorSent: I'll debug a bit better when I get back
2017-03-17 18:56:14 mmlb: Yeah, it's the issue with hard links crossing filesystems I suspect...
2017-03-17 18:56:50 mmlb: I'll have to go back to standard copy if we can't find a way around that.
2017-03-17 19:56:53 TemptorSent: hmmm yeah $workdir and $outdir are 2 different fses
2017-03-17 20:44:24 mmlb: Okay, that would explain why I wasn't seeing that issue pop up.
2017-03-17 20:44:59 TemptorSent: still seeing it with /tmp/work and /tmp/out, or even with nothing at all
2017-03-17 20:45:20 I'm running alpine in a docker container though so maybe something weird there too
2017-03-17 20:45:56 let me try on a full alpine machine
2017-03-17 20:46:04 mmlb: Okay, let me check something...
2017-03-17 20:47:06 ok
2017-03-17 20:47:49 mmlb: I think at least part of the issue is I left a stale . directory in the output directory and it's recursing that now that it's using cpio rather than cp :)
2017-03-17 20:50:09 mmlb: I think I found it, a bit of legacy from the old build system is the DESTDIR gets moved, so I had dropped the root for the overlays in the destdir/.ovlroot.
2017-03-17 20:50:27 mmlb: Let me move that and see if it fixes things, one min.
2017-03-17 20:52:49 TemptorSent: sgtm thanks
2017-03-17 20:53:49 mmlb: Pull that and let me know if the problem goes away :)
2017-03-17 20:54:29 mmlb: hang on, I tripped something else with that possibly, let me rebuild virt and see.
2017-03-17 20:55:15 mmlb: Not there, back in device tree.. odd.
2017-03-17 20:59:37 mmlb: That was the first time I saw the symlink loop pop up...
2017-03-17 21:02:18 mmlb: It looks like it was a stale link caused by the previously fubar mkdir, acting fine after cleaning up work dir.
2017-03-17 21:02:40 ACTION i beliv i can fly
2017-03-17 21:02:59 mmlb: Give that a shot and let me know if it fixed the issue for you.
2017-03-17 21:03:12 hmm yeah I may have done ^C at some point
2017-03-17 21:03:16 will try
2017-03-17 21:04:29 mmlb: Thanks - it's hard to debug when you're stuck with one (semi) working box in front of you and not much else to test on off hand.
2017-03-17 21:05:24 mmlb: And a couple tin cans with a string between them for a network doesn't help either :)
2017-03-17 21:05:48 Hello everyone !
2017-03-17 21:06:06 Hello KSD.
2017-03-17 21:06:18 TemptorSent: ohhh that looks much better
2017-03-17 21:06:25 oh wait
2017-03-17 21:06:43 TemptorSent: Illegal option -P \n usage: mkinitfs
2017-03-17 21:06:55 mmlb: Relying on . dirs not globbing didn't help.
2017-03-17 21:07:04 I want to contribute to Alpine, do you know who I've to contact ?
2017-03-17 21:07:43 mmlb: *lol* That's right, I'm using the git head of mkinitfs too....
2017-03-17 21:07:48 :D
2017-03-17 21:08:00 how should I get?
2017-03-17 21:08:10 mmlb: Since I'm not *YET* forcing my own features, I can just disable that opt for now.
2017-03-17 21:08:22 ok
2017-03-17 21:09:50 mmlb: But there may be other breakages in the stock version, so I'd suggest pulling it anyway... git clone git://git.alpinelinux.org/mkinitfs
2017-03-17 21:10:03 TemptorSent: I assume remove -P and /etc/mkinitfs/features.d
2017-03-17 21:10:17 TemptorSent: ok thats fine I'll get git head
2017-03-17 21:10:28 mmlb: Yes, that should make it at least try with the old mkinitfs.
2017-03-17 21:11:11 mmlb: you may need to pull the fixed lddtree too, although I think that made it to the repo, so just make sure it's updated...
2017-03-17 21:11:45 mmlb: 1.26 or better should be okay.
2017-03-17 21:12:18 mmlb: I started turning up all sorts of fun bugs when I started doing the cross-arch builds.
2017-03-17 21:14:09 KSD: Many of the devs hang out here during the weekdays (CETish TZ), so dropping in about 4 hours earlier on Monday would be a good bet I suspect.
2017-03-17 21:14:38 KSD: What were you planning to work on?
2017-03-17 21:15:02 French translation
2017-03-17 21:15:19 mmlb: Yeah, mkinitfs is going to get cannibalized into mkimage (mkalpine?) sooner than later.
2017-03-17 21:16:35 KSD: Unfortunately, I'm not particularly familiar with the i18n/l10n efforts on Alpine, so I'll have to punt you to someone else there.
2017-03-17 21:18:13 KSD: Generally it's just a matter of building translation files for the strings marked for i18n.
2017-03-17 21:19:04 KSD: But alpine handles the installation of translations a bit differently.
2017-03-17 21:20:41 TemptorSent: Do you know if I can help or not ?
2017-03-17 21:21:28 KSD: I'm sure any contributions would be welcome, but I'm not sure how much help is available to get you up to speed on the process.
2017-03-17 21:23:22 KSD : Contributions are always welcome. First step I think you should go through Alpine wiki page, especially those for developers, to see if any part related to translation
2017-03-17 21:23:55 KSD: and yeah stick around CET timezone :)
2017-03-17 21:24:14 TemptorSent: I'll propose my help monday morning when devs will be awake ;)
2017-03-17 21:24:47 KSD : So you want to translate the website or ?
2017-03-17 21:25:12 tmh1999: With a caveat that much of the website is horribly out of date in terms of developer docs ;)
2017-03-17 21:26:16 tmh1999: yes whatever, I just want to help because in France more and more DevOps teams use Alpine
2017-03-17 21:26:52 Sorry my english is frightful
2017-03-17 21:27:13 TemptorSent : Hard truth, hope someone will have time to fix it after 3.6
2017-03-17 21:27:15 KSD: It's much better than my french!
2017-03-17 21:27:36 TemptorSent : That's the attitude !
2017-03-17 21:28:11 tmh1999: Yeah, it would be good to sync everything to a milestone and at least note anything that's out of date.
2017-03-17 21:28:52 TemptorSent : I am picking up on reading abuild/apk-tools source to gain more understanding about them so I could help the docs 2017-03-17 21:29:12 KSD : That's great lots of people are using Alpine 2017-03-17 21:29:40 TemptorSent : Looks like you have some progress on aarch64. Beautiful 2017-03-17 21:29:52 tmh1999: Yeah, most of apk is undocumented :) 2017-03-17 21:31:02 tmh1999: Yeah, aarch64 should be ready for fiddling with now -- once the various code-paths get some exercise, we can stick a fork in it. 2017-03-17 21:31:44 tmh1999: I agree but not enough unfortunately 2017-03-17 21:32:23 TemptorSent: your changes in your github repo ? 2017-03-17 21:32:43 KSD: How so ? 2017-03-17 21:32:56 tmh1999: Yeah, my github is current to my working system at the moment. 2017-03-17 21:33:25 tmh1999: Some teams are afraid by english language 2017-03-17 21:35:29 KSD: For better or worse, english has become the lingua franca (how's that for irony) of computing. Translating the documentation and user interface is relatively doable, but the guts tend to be a bit more difficult. 2017-03-17 21:37:01 KSD: Although I learned enough german to read docs back in the 80s. 2017-03-17 21:37:36 TempTorSent: You have docs in 80s ? You da real MVP 2017-03-17 21:37:54 German... ouch... 2017-03-17 21:38:57 KSD: Yeah, it was painful -- especially computing terms, which often took full line for one word! 2017-03-17 21:39:20 Time to sleep, I'll re-ask monday morning when devs are awake. Goodnight, bye 2017-03-17 21:39:25 tmh1999: Yeah, much of the Atari community was german at the time. 2017-03-17 21:39:40 KSD: Goodnight, and see you then. 2017-03-17 21:40:23 TempTorSent: by the way, if you have some time, can I ask you about the travis you use in github ? I thought you are writing code for aarch64, thought Travis does x86 code ? 2017-03-17 21:40:50 tmh1999; I haven't actually set up anything for travis yet.
2017-03-17 21:41:17 hum interesting 2017-03-17 21:41:18 tmh1999: I'm cross-building the images on my local system using already-compiled packages, not building apks from source currently. 2017-03-17 21:42:47 tmh1999: Other than me fubaring some arch-specific stuff (device tree, some boot file locations), it should "just work" for any arch you care to set up. 2017-03-17 21:43:50 tmh1999: It only knows about grub2, syslinux/extlinux/isolinux, uboot, and rpi bootloaders currently, but more can be added easily. 2017-03-17 21:44:41 TemptorSent : That's amazing work you are doing 2017-03-17 21:45:13 tmh1999: Once I get the core solid, I'll see about getting it to boot aarch64 images using qemu and setting up the aarch64 abuild env there. 2017-03-17 21:45:48 TemptorSent: Instead of me asking more dumb questions to you, do you happen to know some practical book/write-up/tutorial/blog that describe how to make the boot process ? initramfs, kernel, matching device at boot, etc. ? 2017-03-17 21:46:20 tmh1999: Thanks. I hope it becomes a useful tool to the community at large. 2017-03-17 21:46:38 TemptorSent: it's more than useful my friend 2017-03-17 21:48:08 tmh1999: Nope, no good docs I can think of -- a lot of wasted time, trial and error, and UTSL. I've been doing this stuff since the 90s, so I have to forget half (or more) of what I knew anyway. 2017-03-17 21:50:01 TemptorSent : that's tough. hum... 2017-03-17 21:50:28 tmh1999: I can give you the basic outline if you want -- BIOS discovers the boot media and loads the bootloader (not so simple of a process actually), the bootloader loads the kernel image and initrd, sets the base, and boots it, passing on the kernel cmdline options. 2017-03-17 21:51:49 The kernel starts up, then mounts the initramfs as /, then transfers control to init on the initramfs (see /usr/share/mkinitfs/initramfs-init).
2017-03-17 21:53:39 initramfs-init does the work of loading the necessary modules to mount the root fs, in the case of alpine extracts the run-to-ram system, mounts /dev /proc /sys etc.., and does a switch-root and exec /sbin/init 2017-03-17 21:54:54 /sbin/init is a link to busybox on alpine, which uses a simplified /etc/inittab to call openrc $softlevel for each of the runlevels automatically started. 2017-03-17 21:55:45 Modloop is actually not mounted until the system is booted and in the sysinit soft-runlevel. 2017-03-17 21:56:04 So all modules you need to mount the root fs need to be included in the initramfs. 2017-03-17 21:57:48 tmh1999: That's the outline, let me know what blanks you need filled in :) 2017-03-17 21:58:08 TemptorSent : I am trying to consume what you said. 2017-03-17 21:58:49 TemptorSent : Took note. Thanks for sharing ! 2017-03-17 21:59:06 tmh1999: No problem. 2017-03-17 22:00:04 tmh1999: The process is a bit simpler in some cases where no bootloader is required, but I outlined the general case. 2017-03-17 22:02:52 TemptorSent : So if I have a disk device, it should be known by the initrd, so that initrd will mount it on the root fs ? 2017-03-17 22:03:51 tmh1999: Yes, you'll need either baked-in kernel support or modules in the initramfs, since the modloop isn't available at that point yet. 2017-03-17 22:04:33 tmh1999: I've contemplated ways of making the modloop work in the init environment, but it requires being a bit creative :) 2017-03-17 22:06:06 :) 2017-03-17 22:06:19 doing this line of work is already being creative 2017-03-17 22:09:25 TemptorSent : I mean, besides being supported by the kernel, or supported in the initramfs, the initrd needs to know some kind of address to that device ? Doesn't it ? 2017-03-17 22:09:42 TemptorSent : and initramfs and initrd (init ramdisk) are different thing ? 2017-03-17 22:11:07 tmh1999: The initrd is actually the old implementation which used a fixed ramdisk block device.
The current initramfs uses a much simpler and cleaner ram-based filesystem. 2017-03-17 22:12:35 tmh1999: The initramfs has both the drivers (modules) and detection logic in it, and the kernel parameters passed to it can tell it where to look (root=/dev/sdc2 say) 2017-03-17 22:13:27 tmh1999: I haven't delved into the nlplug-findfs source yet, but that's what does the detection on alpine. 2017-03-17 23:15:21 TemptorSent: thanks for all the help today, I've got to run now. I shall get back on this next week! 2017-03-17 23:15:27 have a good weekend 2017-03-17 23:56:17 I have a kind of a complicated question about permissions: say I wanted to allow 1 user to add packages and users, and delete any user except "babs", and not have let change IPTables 2017-03-17 23:56:43 *not let them change IPTables 2017-03-17 23:59:56 ok well I think I just figured part of that out, but I still need to figure out how not allow them to remove my user... 2017-03-18 00:37:37 Nobabs27: Create an inotify on /etc/passwd and rewrite your user to it if it's missing? 2017-03-18 00:39:09 that sounds nasty hacky 2017-03-18 00:41:16 scv: Of course it is :) 2017-03-18 00:41:55 scv: But it would probably suit the purpose without resorting to hacking a passwd wrapper or some such. 2017-03-18 01:42:13 RBAC policy? 2017-03-18 01:43:23 does alpine have gradm 2017-03-18 01:55:58 TemptorSent: How do you config guest-host network with virtio in KVM ? 2017-03-18 01:58:29 tmh1999: It depends on how you connect it -- you can use the pci virtio driver, which I believe is the fastest, or you can set up a bridge/tap. 2017-03-18 01:58:58 tmh1999: I haven't played around with the latest virtio net stuff much yet - just putting together the pieces so I can test it. 2017-03-18 01:59:23 tmh1999: Virtio scsi is working happily for me -- that was a total no-brainer actually. 2017-03-18 01:59:42 what is your option for tap ?
2017-03-18 01:59:47 or bridge 2017-03-18 02:01:11 god I wish I picked KVM + Virt-manager in favor of VirtualBox many years ago.. 2017-03-18 02:02:46 tmh1999: KVM/qemu bridging. 2017-03-18 02:04:21 tmh1999: a google search for virtio bridge should bring up the details within the first few results 2017-03-18 02:05:14 yeah I read that one. just that s390x seems a little bit different. kind of frustrated. 2017-03-18 02:05:31 Basically you set up the bridge normally, then twiddle the virtio on. 2017-03-18 02:06:47 "ip link add br0 type bridge" 2017-03-18 02:08:25 What kind of hassle is it giving you? 2017-03-18 02:10:12 Ah right... it's debian kvm bug... I am compiling qemu from source. hope it's gone 2017-03-18 02:11:29 Love that. 2017-03-18 02:13:42 tmh1999: Most of my bridge-foo is out of date, as brctl is apparently on its way to the dustbin. 2017-03-18 03:15:22 Looking for some assistance. I am trying to install alpine, standard iso, from usb and OpenRC is getting stuck on, "loading hardware drivers". 2017-03-18 03:16:44 c0ssacks: You can try running with the kernel option 'noautodetect' and see if it's happy. 2017-03-18 03:21:27 Okay thanks. I'll give it a try. 2017-03-18 03:47:44 TemptorSent: Unfortunately, that didn't work. 2017-03-18 03:48:37 c0ssacks: Okay, so much for the easy one :) 2017-03-18 03:49:12 c0ssacks: Is it acting like a hardware hang or just not proceeding? 2017-03-18 03:50:55 TemptorSent: Not entirely sure. I have tried it several times and I let it sit at that status for ~55min while I was working 2017-03-18 03:51:42 I got too busy to notice haha 2017-03-18 03:52:05 c0ssacks: Yeah, know how that goes. 2017-03-18 03:53:00 c0ssacks: Next would be to boot in single-user mode and see if something is obviously bjorked.
2017-03-18 03:53:29 pass single on the kernel cmd line :) 2017-03-18 03:57:09 ephemer0l: no 2017-03-18 03:57:35 ephemer0l: we used to have gradm, but it was such a crap experience that we abandoned our plans for it 2017-03-18 03:58:44 ephemer0l: and considering grsec itself is being dropped (no viable upstream), we are not likely to include it 2017-03-18 04:04:18 TemptorSent: won't even boot now. 2017-03-18 04:04:59 c0ssacks: Hmm, it almost sounds like a bad usb stick? 2017-03-18 04:05:51 c0ssacks: It shouldn't be changing the way it acts beyond what it gets as kernel command line options as a media stick. 2017-03-18 04:06:03 TemptorSent: I'll try another one. Never encountered that problem before. 2017-03-18 04:06:32 c0ssacks: Did you just raw burn it with dd, or use a tool of some sort? 2017-03-18 04:07:05 TemptorSent: I used dd. 2017-03-18 04:07:18 c0ssacks: USB sticks can be funny things at times, I've had a couple that just refused to cooperate for no apparent reason. 2017-03-18 04:08:09 c0ssacks: That should do it.. try reimaging perhaps, but I wouldn't expect to see it degrade from one boot to the next. 2017-03-18 04:08:57 c0ssacks: That's unexpected behavior, as it implies something is being written to the image between subsequent boots. 2017-03-18 04:09:22 TemptorSent: I don't know what would be written to it. I'm so confused. 2017-03-18 04:10:02 c0ssacks: Right, which is why I'm somewhat suspect of your USB stick if the image acts differently between subsequent boots. 2017-03-18 04:10:27 c0ssacks: Nothing in the image should be writing anything that I'm aware of. 2017-03-18 04:11:00 TemptorSent: The wiki says the iso can be raw copied, yes? 2017-03-18 04:11:19 I'm fairly certain 2017-03-18 04:11:19 c0ssacks: Yes, it has a hybrid bootsector. 2017-03-18 04:11:33 c0ssacks: It worked for me :) 2017-03-18 04:12:07 c0ssacks: So your image on the usb stick should be identical to the iso.
2017-03-18 04:12:43 c0ssacks: If it checksums the same, it should be good, and something else is confusing it on your particular machine. 2017-03-18 04:13:51 c0ssacks: Do you have any oddball hardware that might be confusing it? 2017-03-18 04:14:36 kaniini: Now that you've given up on PaX, any chance you could see if we could get pax in the repo? 2017-03-18 04:14:51 Tried new iso and new usb same issue. I'm being an idiot somehow but I'm not sure how. I don't have any oddball hardware. 2017-03-18 04:15:02 kaniini: We have cpio, which isn't POSIX, but we don't have pax, which is. 2017-03-18 04:17:00 c0ssacks: Okay, so it's something local and consistent -- but it at least is trying to boot, not just puking again? 2017-03-18 04:18:35 c0ssacks: You can add the noquiet kernel flag as well, which might help figure out what's hanging it. 2017-03-18 04:18:40 TemptorSent: Yup. I don't know what hardware of mine it wouldn't like. 2017-03-18 04:19:50 c0ssacks: Something dumb, like a mouse with constant disconnects (ask me how I know!) 2017-03-18 04:20:41 TemptorSent: Is it possible that my wireless keyboard and mouse combo is being dumb? I'm about to be so mad if that's it 2017-03-18 04:21:59 c0ssacks: It wouldn't be the first time I've been bit by something like that... but my biggest suspicion would be your gfx card. 2017-03-18 04:22:35 c0ssacks: The USB issue usually shows up as io hangs more than complete system freezes 2017-03-18 04:23:05 you could try a SAK (alt-sysrq-k) and see if that bumps past it. 2017-03-18 04:23:44 TemptorSent: :D 2017-03-18 04:24:03 TemptorSent: yes i can import mirbsd pax for you 2017-03-18 04:24:18 (it's the one that actually cares about musl support) 2017-03-18 04:25:37 TemptorSent: Yeah it's not the mouse/keyboard. I guess I should switch GPUs and see 2017-03-18 04:25:51 kaniini: It's surprisingly hard to find a posixly correct way to copy with hardlinks!
2017-03-18 04:27:00 c0ssacks: Before you go that far, try twiddling the kernel command line with noquiet and init=/bin/sh 2017-03-18 04:27:15 That should give you a shell in the pivoted root. 2017-03-18 04:28:50 /etc/init.d/hwdrivers should NOT autoload the framebuffer, especially after explicitly passing the nofb kernel option! 2017-03-18 04:29:57 That's on my fix-list for mkinitfs -- no bloody fbdevs unless you want them! 2017-03-18 04:30:49 and if i want them by default? 2017-03-18 04:32:19 kaniini: Pass a kernel option to ENABLE them! 2017-03-18 04:33:00 kaniini: Because no combination I could find would prevent hwdrivers from forcefully loading the modules anyway, so it goes away :) 2017-03-18 04:33:59 kaniini: nomodeset should be enough to turn the bloody fb off, but no - not even close! 2017-03-18 04:34:44 and if i don't want to pass a kernel option to enable them? 2017-03-18 04:35:03 kaniini: If you must have it enabled by default, you can have the nice bootloader do it for you! 2017-03-18 04:35:15 :P 2017-03-18 04:35:48 and then when some idiot goes and breaks their bootloader and complains to me what do i tell them ? 2017-03-18 04:36:22 RTFM -- at least they might have a chance of figuring what's going wrong if they can actually see a terminal. 2017-03-18 04:36:42 and what about EFI where a framebuffer is mandatory as there is no text mode ? 2017-03-18 04:37:04 We should NOT have to pass options like 'nomodeset' 'noquiet' etc. to get debugging. 2017-03-18 04:37:28 have you considered we have quiet as a default for a reason ? 2017-03-18 04:37:45 kaniini: Then we have an environment it makes sense to default to a fb and we do it :) 2017-03-18 04:37:57 i mean, alpine has quiet for a reason 2017-03-18 04:38:02 by default, right now 2017-03-18 04:38:05 TemptorSent: Too late. I switched my Nvidia GTX 770 for my AMD Radeon R9 390. I had my R9 390 boxed up because every GNU+Linux distro I've tried hates it. 2017-03-18 04:38:39 TemptorSent: Now everything works.
2017-03-18 04:38:45 kaniini: Sure, I understand why, but it doesn't mean it's a good practice, at least not by default. 2017-03-18 04:38:58 TemptorSent: I'm literally dying. 2017-03-18 04:39:00 c0ssacks: *LOL* Perfect! 2017-03-18 04:39:09 seems like a good practice to us considering we would like our product to actually look good 2017-03-18 04:39:20 and spewing 9000000 lines of debug crap at boot doesn't look good 2017-03-18 04:39:53 kaniini: Okay, for a desktop, that makes sense perhaps, but on a server, boot logs are critical debugging tools! 2017-03-18 04:40:06 run dmesg to get them 2017-03-18 04:40:38 and funny, i maintain literally thousands of servers and i have managed to get by with /var/log/kernel.log 2017-03-18 04:40:39 kaniini: Yeah, if you can get to a shell! Usually it craps out somewhere between boot and init mounting dev. 2017-03-18 04:41:07 ok so if it craps out, restart with debug flag 2017-03-18 04:41:10 kaniini: You're lucky and have good hardware :) 2017-03-18 04:41:13 TemptorSent: Thanks for the help. I appreciate your patience. This result feels so backwards but I'm just going to roll with it. 2017-03-18 04:41:16 you need debug flag to get init debugging anyway 2017-03-18 04:41:48 c0ssacks: No problem, I suspect the nvidia blob has issues. 2017-03-18 04:42:14 c0ssacks: Glad I could steer you the right direction. 2017-03-18 04:42:27 ACTION grumbles and adds to the reasons to not accept these changes 2017-03-18 04:43:20 kaniini: Fine, but if our bootloader didn't happen to pass flags to shut us up, I think we should assume something is not 'normal' and spit out more info. 2017-03-18 04:43:51 TemptorSent: Now I understand why Linus gave the middle finger to Nvidia at that one university talk. 2017-03-18 04:44:23 c0ssacks: Yep. I've been alternating giving them the finger and giving them my money for too long. 2017-03-18 04:45:09 kaniini: Silence should be by intent, not default.
2017-03-18 04:45:21 it presently is 2017-03-18 04:45:41 as i said before, we consider the livecd being silent unless 'debug' is specified on the commandline to be a feature 2017-03-18 04:45:48 we consider that to apply to booting in general 2017-03-18 04:46:09 kaniini: I have to force init to give me at least a little info, and even in debug the info is minimal at best. 2017-03-18 04:46:29 ACTION would really like to avoid a situation where derivatives first patch to a given alpine tree is ripping out all of these changes because they suit you and only you 2017-03-18 04:47:39 changing established policy at boot-time just because you do not like our chosen default behaviour is something we are not going to accept 2017-03-18 04:48:15 kaniini: Like I said, I don't mind the bootloader shutting things up, but right now, debugging something that you can't figure out the kernel command line option for is basically impossible. 2017-03-18 04:48:18 if you want to make debug provide more info, great 2017-03-18 04:49:11 but if i generate an ISO with your tool, and the ISO output by your tool spews a bunch of crap as it boots, i will put a hold on merging the changes 2017-03-18 04:49:22 kaniini: I want the basic default of the absolute minimal base system to give normal levels of debug info and not try to load fbdevs if they don't need them! 2017-03-18 04:49:40 that is fine 2017-03-18 04:49:46 kaniini: I'm not worried about the live-cds, I'm talking about alpine-base. 2017-03-18 04:49:57 well, we want the normal installs 2017-03-18 04:50:01 to also be quiet by default 2017-03-18 04:50:36 kaniini: mkinitfs currently includes all sorts of unneeded crap in the base feature. 2017-03-18 04:50:45 sure 2017-03-18 04:50:47 i am just saying 2017-03-18 04:51:07 that from my perspective it appears constantly that you want to remake the entire boot process in your own image 2017-03-18 04:51:09 kaniini: Like I said, if you want the default bootloader option to be quiet, that's easy enough.
2017-03-18 04:51:14 and when you say things like 2017-03-18 04:51:35 23:37 We should NOT have to pass options like 'nomodeset' 'noquiet' etc. to get debugging. 2017-03-18 04:51:39 it is very concerning 2017-03-18 04:51:41 because 2017-03-18 04:51:53 (a) you only need to supply 'debug' to turn off both modeset and quiet 2017-03-18 04:52:05 (b) it reads like you want to make it verbose by default 2017-03-18 04:52:12 kaniini: The problem is IT DOESN'T WORK! 2017-03-18 04:52:26 debug works for me, i do not have kms enabled and kms is not part of base 2017-03-18 04:52:37 kaniini : Boot a vm using qemu -curses -cdrom alpine....iso 2017-03-18 04:52:42 Let me know how far you get. 2017-03-18 04:53:10 kaniini: The only way to get it to boot is to pass 'noautodetect' 2017-03-18 04:53:20 that is a bug with nlplug then 2017-03-18 04:53:41 but it does not try to start a graphical device here 2017-03-18 04:53:46 No, it has nothing to do with nlplug -- it's the baselayout 2017-03-18 04:54:00 Read /etc/init.d/hwdrivers 2017-03-18 04:54:22 i'm aware 2017-03-18 04:54:29 and i will say again 2017-03-18 04:54:40 that it works for me, and i stay in textmode 2017-03-18 04:54:44 kaniini: It forcefully loads fb drivers, no matter how much you pass nomodeset, nofbdev, nofb, or whatnot. 2017-03-18 04:54:51 not for me 2017-03-18 04:55:18 i mean, don't get me wrong 2017-03-18 04:55:31 kaniini: I've had two others pop on here with that same question, one of whom I was able to get past it with nomodeset. 2017-03-18 04:55:33 i don't disagree that if you want graphical boot that it should be a kernel commandline option 2017-03-18 04:55:45 ...the other required noautodetect.
2017-03-18 04:55:47 this is about 'quiet' 2017-03-18 04:56:28 kaniini: If you don't have a bootloader passing you --quiet, you're probably on a device you can't easily alter the bootloader config anyway 2017-03-18 04:56:54 anyway 2017-03-18 04:56:54 kaniini: And one you'd most likely be perfectly happy to get all the logging in the world on. 2017-03-18 04:56:59 i have said what i am going to say on it 2017-03-18 04:57:24 if the output ISO image behaves differently in regard to quiet (i.e. spews a bunch of debug) then it's not acceptable 2017-03-18 04:57:25 kaniini : Think embedded systems / serial consoles / VMs. 2017-03-18 04:57:48 sure, and those systems either 2017-03-18 04:57:55 (a) do not have quiet in the commandline already 2017-03-18 04:58:01 kaniini: Then we'll have the default bootloader command line passing --quiet. 2017-03-18 04:58:30 kaniini: But if someone types their own command line, they probably want to get some output. 2017-03-18 04:58:39 yes, and that is the current behaviour 2017-03-18 04:58:47 so if you preserve it, that's fine 2017-03-18 04:59:09 and i agree that graphical boot needs improvement 2017-03-18 04:59:10 kaniini: Again, currently, it doesn't behave that way for me -- passing kernel parameters does not override the noquiet 2017-03-18 04:59:13 er quiet. 2017-03-18 04:59:49 that is because of syslinux 2017-03-18 04:59:53 well, isolinux 2017-03-18 05:00:32 kaniini: It's also an issue in init which doesn't start giving any information until you beg. 2017-03-18 05:00:54 no, init behaves the way it does because it sees 'quiet' 2017-03-18 05:00:59 I didn't find a very simple error for days because it wasn't even obvious that apk was complaining about bad keys. 2017-03-18 05:01:54 kaniini: Right, but if it gets something other than what it expects, it should break out of quiet unless we want to pass 'gag' or something. 2017-03-18 05:02:23 you mean, like 'debug' ?
2017-03-18 05:02:26 ACTION eyerolls 2017-03-18 05:02:48 kaniini: Quiet should mean: Only give me the information when something unexpected happens. 2017-03-18 05:03:02 yes, so 2017-03-18 05:03:05 kaniini: No, you should never have to enable debug to see why something FAILED. 2017-03-18 05:03:09 if you want to change the verbosity 2017-03-18 05:03:11 use 'debug' 2017-03-18 05:03:14 TemptorSent: yes, i agree there 2017-03-18 05:03:29 TemptorSent: however, like i said, this is what the 'debug' flag is for to increase verbosity 2017-03-18 05:03:32 if there is an error, then sure 2017-03-18 05:03:35 talk all you want 2017-03-18 05:03:38 kaniini: That's the problem, currently, if something is sideways, it continues being quiet. 2017-03-18 05:03:44 then that's a bug 2017-03-18 05:04:01 not something needing a change in behaviour/policy in the init 2017-03-18 05:04:18 kaniini: The error, yes, but the bigger problem is it continues on its way until it fails because of the earlier failure. 2017-03-18 05:04:43 then the error handling needs to be improved so the first failure causes it to fail 2017-03-18 05:05:26 i will say it again, just to be clear 2017-03-18 05:05:32 kaniini: True, although it's a recoverable error -- which is where the problem comes by not turning up the verbosity when that happens. 2017-03-18 05:05:38 if the default behaviour changes from 2017-03-18 05:05:41 boot: 2017-03-18 05:05:47 100% [###################] 2017-03-18 05:05:51 OpenRC blah blah blah 2017-03-18 05:05:56 i will put a hold on the patch 2017-03-18 05:06:29 if there is a fault and you want to increase verbosity upon detection of it, fine 2017-03-18 05:06:34 that is perfectly reasonable 2017-03-18 05:06:41 what is not reasonable is spewing debug by default 2017-03-18 05:06:49 if you do not intend to spew debug by default, great 2017-03-18 05:06:57 kaniini: Like I said, if you want the default bootloader flag to be quiet, fine, that's easy enough.
But when nothing tells it to shut up, it should give enough info to figure out WHERE something is going sideways. 2017-03-18 05:07:19 okay 2017-03-18 05:07:21 so 2017-03-18 05:07:23 if you do 2017-03-18 05:07:25 boot: debug 2017-03-18 05:07:30 blah blah blah error 2017-03-18 05:07:33 that is fine, no? 2017-03-18 05:07:41 but in reality 2017-03-18 05:07:45 that is crap design too 2017-03-18 05:07:50 because if you know there is an error 2017-03-18 05:07:59 then you should increase verbosity at that point 2017-03-18 05:08:04 I think a terse but not silent mode would be a good default actually, that just tells you what stage of boot it's in, but that's your call. 2017-03-18 05:08:23 ACTION headdesks 2017-03-18 05:08:45 It's people who have boot fail on them the first time and want to try to work around whatever failed. 2017-03-18 05:08:56 so what i am saying is 2017-03-18 05:09:01 boot: 2017-03-18 05:09:09 2017-03-18 05:09:20 init: a problem was detected, increasing verbosity. 2017-03-18 05:09:23 [...] 2017-03-18 05:09:34 Possibly with a log-replay. 2017-03-18 05:09:36 init: a hard failure occurred 2017-03-18 05:09:40 # 2017-03-18 05:09:45 yes 2017-03-18 05:09:48 exactly 2017-03-18 05:10:02 Correct. 2017-03-18 05:10:09 but you're telling people to go mess with kernel commandlines to get this info 2017-03-18 05:10:25 just like i do with 'debug' 2017-03-18 05:10:32 when in reality, it is a hybrid approach that should be taken 2017-03-18 05:11:18 so in my opinion 2017-03-18 05:11:21 Right, what I mean is when someone has a first-boot failure, the next thing they'll do is try passing command line options at boot, which should automatically increase verbosity to at least reasonable.
2017-03-18 05:11:29 well 2017-03-18 05:11:32 what i am saying is 2017-03-18 05:11:34 again 2017-03-18 05:11:38 if a fault happens 2017-03-18 05:11:45 it should stop right then and there 2017-03-18 05:11:51 and advise you 2017-03-18 05:12:08 and give you the option to view a log, drop to shell, or continue anyway 2017-03-18 05:12:25 So a hands-off boot gets you a set of hash marks, a boot with manual kernel options defaults to giving you a verbose (but not necessarily debug) boot, and you can use debug for the ugly details. 2017-03-18 05:12:27 once you drop to shell, you can correct the fault and exit the shell to continue 2017-03-18 05:12:56 sure, but what i am saying is 2017-03-18 05:12:59 if there is a fault 2017-03-18 05:13:06 why should they have to waste time rebooting 2017-03-18 05:13:12 when they could just correct the fault and keep going 2017-03-18 05:13:30 Right, assuming it's a correctable fault at that point 2017-03-18 05:14:08 sure i am just saying 2017-03-18 05:14:15 it gives the same triage capability 2017-03-18 05:14:27 Things like not having the apk repo signed properly and not knowing it without enabling debug wouldn't be fixable so much. 2017-03-18 05:14:28 Right. 2017-03-18 05:15:25 kaniini: I didn't say I wanted to default to debug, just default to a reasonable amount of information about where in the process things are. If it's hands off, silent is fine. 2017-03-18 05:16:31 okay 2017-03-18 05:16:36 kaniini: It makes debugging FAR easier for all involved if you at least know what step failed, if not the details right off. 2017-03-18 05:17:44 kaniini: But if someone is passing root=/dev/sdc3, it would be useful for them to see that the root device was assigned as /dev/sdc3 by nlplug-findfs 2017-03-18 05:17:55 yes, absolutely 2017-03-18 05:18:43 TemptorSent: what is your opinions on fixing graphical boot (for desktops) ? 2017-03-18 05:20:39 terse being 'Kernel $kernelversion booted, starting initramfs...'
'Root device found at $device' 'Switching / and starting init...' 2017-03-18 05:21:47 kaniini: It shouldn't be too hard to do right, but IMHO, that means only doing it on EFI systems where we have a known working FB at boot. 2017-03-18 05:22:08 kaniini: Supporting it properly in legacy bios mode is fragile, at best. 2017-03-18 05:23:57 kaniini: If you want to make it really slick, an init designed for the task would be a good idea so you have everything setup before the services start. 2017-03-18 05:25:01 kaniini: Until all the various X drivers are stable with modesetting fbs, it's going to be a bit hit-and-miss. 2017-03-18 05:27:11 sure, but it is something you would be ok with in mkimage right 2017-03-18 05:27:13 ;) 2017-03-18 05:28:50 Yeah, like I said - mkinitfs is about to be cannibalized into mkimage, then you'll be able to build literally any image you want with any init you want, any modules in both the initfs and modloop, whatever. 2017-03-18 05:29:37 kaniini: I really don't much care what the alpine release profiles ship with as far as configuration, I just want the tools to be sane absent something telling them to shut up. 2017-03-18 05:30:59 So init defaulting to giving normal status info and a few basic details as it boots, unless it's been passed quiet, in which case it will only speak up if something hiccups. 2017-03-18 05:32:29 kaniini: But what actually gets included in init itself can be set to whatever you actually need on a system, since netboot machines probably don't need to detect pata hardware to boot :) 2017-03-18 05:33:06 kaniini: Essentially init only needs to contain the code supporting the features included in the initfs. 2017-03-18 05:34:18 kaniini: So it can be as simple or complex as the particular application calls for. 2017-03-18 05:35:07 A livecd will want to be able to detect and run on anything under the sun, while a vm image has a very narrow set of features it needs to boot.
2017-03-18 05:37:13 so the zfs feature is responsible for providing the functions that need to be appended to the initramfs-init as well as including the modules and userland programs. 2017-03-18 05:38:51 If the initramfs doesn't have the zfs modules, you're not going to need the code to import the pool with the proper root. 2017-03-18 05:39:33 The result is LESS complexity in most cases. 2017-03-18 05:42:20 ok 2017-03-18 05:43:43 I'm not trying to dictate your release images in any way, I'm trying to make a tool that makes making images for ANY need easier. 2017-03-18 05:44:41 kaniini: All I want to do is default things to sane absent something telling them otherwise. 2017-03-18 05:45:30 Maybe simply make the fb drivers separate from hwdrivers in the short term to avoid crazy-making? 2017-03-18 05:47:10 Or at least make the fb drivers understand that nomodeset nofbdev nofb mean don't load anyway. 2017-03-18 05:48:25 If you want fb drivers, you probably want them in the initfs anyway, and we need a sane command line option to control that. 2017-03-18 05:49:55 like load_fb_drivers 2017-03-18 05:50:07 (and noload_fb_drivers 2017-03-18 05:50:26 i will leave that to you 2017-03-18 05:50:29 :p 2017-03-18 05:50:40 with load_fb_drivers taking an optional list of which fbdrivers to load, or run autoloading. 2017-03-18 05:50:58 If you want to fix graphical boot, that's how. 2017-03-18 05:53:11 kaniini: And as for how to make any option entered on the command line disable the defaults, you just setup a second menu option named $flavor-default, setting that as default. The user then types $flavor and gets a clean command line. 2017-03-18 05:54:46 Oh, and it looks like PXE boot has popped up towards the top of the todo stack if you have any sage advice there. 2017-03-18 05:55:16 kaniini: enabling a PXELINUX bootloader should be the easy part. 2017-03-18 09:29:43 Hi guys, I'm new to Alpine and not really a linux hacker.
I have installed Alpine using the extended ISO and the data option. Now I would like to install xfce. Alpine tells me that udev is missing. Will it be enough if I just install udev with the package manager?... which I don't know much about yet :) 2017-03-18 09:30:27 So far I really like the simple, lightweight and fast approach of Alpine and the install process couldn't have been simpler so far 2017-03-18 09:36:31 This was easier than I thought... I just apk add udev and then I can install xorg... Maybe Alpine will make me stay with linux for good :) 2017-03-18 09:44:49 Hmmm... I wanted to start lxdm with rc-service lxdm start but rc-service says that the service lxdm does not exist 2017-03-18 09:47:31 uh... lxdm was not installed X 2017-03-18 09:47:37 XD 2017-03-18 09:55:00 next time, just setup-xorg-base, it drags udev along with it 2017-03-18 10:02:49 TBB I did, but it somehow just told me that it needs udev and didn't install it on its own 2017-03-18 10:03:03 Now I am able to start lxdm and need to install firefox 2017-03-18 10:03:16 apk search firefox doesn't find it... 2017-03-18 10:04:17 It seems that firefox is in a test repository... Do I need to add that repository to apk first to be able to get firefox? 2017-03-18 10:07:18 there's the esr release in community 2017-03-18 10:11:05 how do I get apk to see it? 2017-03-18 10:11:18 need to add community repo? 
2017-03-18 10:13:51 you probably want main and community enabled and have edge and testing as pinned repos 2017-03-18 10:17:07 I just noticed that in /etc/apk/repositories there were already all the urls just commented out :) 2017-03-18 10:20:18 only things left now are audio and my lenovo keyboard 2017-03-18 10:20:26 well, it's a laptop 2017-03-18 10:23:17 add snd-hda-intel to /etc/modules and install alsa, and you're done with the audio 2017-03-18 10:32:05 I added the module but I guess I need to load it somehow 2017-03-18 10:32:18 and I installed alsa-lib as alsa (without -lib) was not found 2017-03-18 10:34:06 myko: you need to add your user to the audio group, and it's also useful to start the alsa service to have your volume/mixer settings saved and restored on boot 2017-03-18 10:36:45 there is no useradd in Alpine? :) 2017-03-18 10:37:08 you need the shadow package for that. but adduser should work with busybox 2017-03-18 10:44:10 I added the user to audio 2017-03-18 10:46:11 as for the alsa service, i _think_ it doesn't do or run anything other than on restore on startup and save on shutdown. 2017-03-18 10:46:37 at least htop as root doesn't show any alsa process 2017-03-18 10:52:16 I was able to start up the alsamixer and saw that master volume was set to 0... 2017-03-18 10:52:22 turned it up but still no luck 2017-03-18 10:52:35 btw busybox has no sudo? :) 2017-03-18 10:53:33 busybox has many, according to some way too many, things but sudo is not one of them 2017-03-18 10:54:54 The thing is that I am hopping between tty1 (root) and tty7 (lxdm with normal user) and trying to open alsa mixer in lxdm 2017-03-18 10:55:46 so add sudo 2017-03-18 10:55:59 i don't think there's a gui alsa mixer. 
but there's xfce4-mixer 2017-03-18 10:57:08 (which works fine with alsa) 2017-03-18 10:57:45 hmmm... in lxdm gstreamer isn't able to detect sound devices 2017-03-18 10:58:32 and thus xfce4-mixer is not started 2017-03-18 10:59:02 i don't _think_ it's a process. 
try running it directly from the menu or from a terminal (in a gui env) 2017-03-18 10:59:52 I installed Alpine with the data option. Can I just turn it off and on again and it will retain the settings? (maybe should have installed it as a normal desktop on HDD at first until I know more about Alpine :) 2017-03-18 11:00:26 dunno. i installed normal to hdd 2017-03-18 11:04:05 outside my experience too, I'm strictly using 'regular' installs 2017-03-18 11:13:31 I installed Alpine again with the sys option 2017-03-18 11:13:38 But after reboot my wlan is not up... 2017-03-18 11:13:48 what is the Alpine way to get my wlan IP from dhcp? 2017-03-18 11:17:34 setup-ntp i think 2017-03-18 11:18:25 but i think you probably should have ran it during setup-alpine 2017-03-18 12:09:15 ERROR: nginx-1.10.3-r0: BAD signature while installing apk from dl-cdn.alpinelinux.org, is this a known problem? 2017-03-18 14:50:41 i'm getting "bad signature" trying to install nginx on edge (in docker): https://dpaste.de/BqYU - is this broken at the moment or did i do something wrong? 2017-03-18 15:27:23 The openssh server package (https://pkgs.alpinelinux.org/package/edge/main/x86_64/openssh-server) doesn't appear to have been compiled with PAM enabled. I would like PAM enabled. What are my options? Build it myself? 2017-03-18 15:28:44 (in fact, yes, it is built without pam- http://git.alpinelinux.org/cgit/aports/tree/main/openssh/APKBUILD#n71) 2017-03-18 15:30:00 building yourself is the quickest/easiest way, with some maintenance costs later when upgrading 2017-03-18 15:30:09 abuild -r is your friend 2017-03-18 15:32:58 aha, abuild is what i need to build, thanks 2017-03-18 15:33:07 though it's a shame i can't just depend on someone else for updates :D 2017-03-18 17:22:09 how stable is alpine as a docker host? 
2017-03-18 18:13:12 seems to work great 2017-03-18 18:13:17 <3 alpine 2017-03-18 18:43:55 atomi: Docker is mostly dependent on the kernel version rather than the userland, i wouldn't expect any problems 2017-03-18 18:45:49 yeah 2017-03-18 18:46:23 I need a docker host since I'm moving some of my rpi stuff onto a proxmox box 2017-03-18 18:46:46 and with alpine I can keep the image size low 2017-03-18 18:47:02 for faster/cheaper backups 2017-03-18 19:16:34 atomi: hyper.sh 2017-03-18 19:43:38 too expensive 2017-03-18 19:44:13 I pay less in power per month to host them myself 2017-03-19 00:21:38 ACTION pulls up a chair and pours a cup of coffee. Wondering how I might speed up the boot process. 2017-03-19 00:25:20 ACTION pours kvda a cup of coffee. 2017-03-19 00:25:51 why thank you 2017-03-19 00:26:53 I am new to Alpine, so can't help much more than a cup of joe. :} 2017-03-19 00:28:58 tarpit: What part of the boot-process is taking too long currently? 2017-03-19 00:29:44 It is very fast. Just want to trim off a few seconds if I can. Maybe remove the countdown? 2017-03-19 00:31:04 tarpit: Take a look at the current initramfs-init script in /usr/share/mkinitfs -- that's responsible for what happens between the kernel booting and the handoff to openrc. 2017-03-19 00:31:19 A question about packages: Does Alpine have a community package repository, kind of like AUR, but for Alpine? 2017-03-19 00:31:49 Like the /community one or something hosted separately? 2017-03-19 00:32:08 ericnoan: There is the community repo in alpine, just uncomment it in /etc/apk/repositories. 2017-03-19 00:32:48 TemptorSent: thanks 2017-03-19 00:33:18 tarpit: I'm actively working on rebuilding the image builder and boot process, so input gladly welcome. 2017-03-19 00:33:27 ericnoan: No problem. 2017-03-19 00:35:24 TemptorSent Thanks. :) 2017-03-19 08:20:05 so, why is postgres and squid in /etc/group by default? 
2017-03-19 09:00:48 <_ikke_> scv: What I heard last probably because that's what someone had in their passwd 2017-03-19 09:00:55 <_ikke_> /group 2017-03-19 09:04:54 hi, I want to give a try alpine on vbox but I can't install network. Any help? 2017-03-19 09:05:03 probably a good idea to remove them from the base install 2017-03-19 09:16:11 ok, fixed 2017-03-19 09:29:29 for daily use; is it enough to do "useradd -m -G wheel alpineuser" ? 2017-03-19 11:30:06 just a short question: how do i install a package from the install boot media after the installation? as i only can access the internet through wifi and i have seen the 2 required packages on the boot media. my pentium 2 will thank you ;) 2017-03-19 11:32:35 user__: iirc it should either just work or maybe you need to uncommend a cdrom (or some such) entry at /etc/apk/repositories 2017-03-19 11:32:49 uncomment* 2017-03-19 11:33:34 "just work" means running e.g. apk add openssh 2017-03-19 11:34:00 ok thanks 2017-03-19 11:34:14 btw this project is awesome. keep it on ;) 2017-03-19 15:11:15 scv: Yeah, I was investigating the init passwd/group files -- Some of the users/groups are in fact required to boot otherwise device creation fails. 2017-03-19 18:28:01 TemptorSent: neither squid nor postgres have anything to do with devices. 2017-03-19 18:41:29 avih: got it installed. runs very good on this old rig. i am just reconfiguring the mirrors as the file was empty after an install without internet. just extracted the tar file with the mirrors and running setup-apkrepos 2017-03-19 18:43:52 hm, now i am getting this error for all repos: ERROR: http://dl-2.alpinelinux.org/alpine/: No such file or directory 2017-03-19 18:44:28 user__: i haven't set up local repos or mirrors... so no experience with that. 
2017-03-19 18:45:19 i already commented out the local ones and readded the internet mirrors, as i have a connection now 2017-03-19 18:46:40 TemptorSent: they should be added by their respective packages, likely they were present when somebody was building the base image or package with passwd/group 2017-03-19 18:46:42 scv: No, those accounts do not - but several you wouldn't expect do popup. 2017-03-19 18:46:51 the others are all fine 2017-03-19 18:46:56 those are the only two i'm complaining about 2017-03-19 18:47:08 mainly because postgres has /bin/sh as its shell, its login is disabled in shadow but that's still mildly concerning 2017-03-19 18:47:10 scv: We really should make a cohesive list of system users. 2017-03-19 18:47:33 scv: Yeah, all users should be defaulted to /bin/false 2017-03-19 18:47:45 well, postgres you need to drop to the user to manage by default 2017-03-19 18:47:52 so it'd be OK if you installed postgres 2017-03-19 18:48:01 but it doesn't need to be in the base system :p 2017-03-19 18:48:11 unexpected users with shells are no bueno 2017-03-19 18:48:18 scv: Right, but it shouldn't be enabled until pg is installed. 2017-03-19 18:48:56 huh, i get some problems after the openrc update on edge. for tab completion on bash (for a dir name) i'm getting "-bash: cannot create temp file for here-document: Read-only file system" and also some errors during boot 2017-03-19 18:48:58 shouldn't be present period until it is 2017-03-19 18:49:04 scv: It would be very helpful to have a list of service users and the uids so we can actually expect sane things when moving a data fs from one install to another. 2017-03-19 18:49:11 yeah 2017-03-19 18:49:17 that would be convenient 2017-03-19 18:49:22 i wonder if there's any consistency across distros 2017-03-19 18:49:26 unlikely 2017-03-19 18:49:45 avih: sounds like your root fs didn't get remounted RW? 2017-03-19 18:49:47 scv: Not particularly any more -- it used to be pretty consistent back in the OLD days. 
2017-03-19 18:50:00 actually, not sure those are errors. possibly just quite more verbose that it was 2017-03-19 18:50:10 (boot) 2017-03-19 18:50:11 the fact that everybody is departed from the old days is the main reason why i'm here :> 2017-03-19 18:50:22 scv: yes, sounds like it, and it started after i updated openrc 2017-03-19 18:50:35 avih: any way you could pastebin those messages? 2017-03-19 18:50:41 maybe a clue in there 2017-03-19 18:50:54 scv: But having a consistent UID mapping would be a very good thing for consistency. 2017-03-19 18:51:11 not sure, virtualbox terminal doesn't allow copy-paste i think. are they anywhere at /var/log? 2017-03-19 18:51:31 (i can still ssh to the machine and copy logs, but which ones should i copy?) 2017-03-19 18:51:32 scv: A master-password/group file containing all the known users installed by packages and their UIDs. 2017-03-19 18:52:23 avih: well, it's unlikely they're written out if your fs is ro 2017-03-19 18:52:30 :/ 2017-03-19 18:52:40 maybe a screenshot if you can still scroll up to that point? 2017-03-19 18:52:46 maybe they're writable as root? sec 2017-03-19 18:52:50 shift-pgup should do it but it has limited buffer 2017-03-19 18:52:58 nope 2017-03-19 18:54:11 scv: What we want to avoid is situations where one system has user postgres as uid 85 and another has apache at the same uid 2017-03-19 18:54:17 of course 2017-03-19 18:54:21 no other distro does that 2017-03-19 18:54:30 typically uids <500 are reserved for such purposes 2017-03-19 18:54:55 scv: Right, but I'm not aware of a mapping for that allocation on alpine, are you? 2017-03-19 18:55:05 scv: first issue at the boot log on screen seems to be: "[green *] Configuring kernel parameters ..." 
and next line "[yellow *] / is not writable" 2017-03-19 18:55:19 hm 2017-03-19 18:55:35 TemptorSent: presumably every existing added user is already assigned a UID, but i'm not 100% sure 2017-03-19 18:56:35 i think i configured openrc to write a log, but i don't recall where it is, and tab completion doesn't work due to readonly fs.. 2017-03-19 18:57:19 scv: Okay, I'd love to know where the map is if so! But it might be sane to just populate all of the known accounts in passwd/group, with them set deactivated until the package is installed. 2017-03-19 18:58:19 the disk is not full either. 2017-03-19 18:58:23 scv: It would prevent users from fubaring their systems by adding system users and would make tar files with UIDs resolvable consistently, regardless of what's installed. 2017-03-19 18:59:02 avih: read only might occur if the kernel command line has 'ro' and it wasn't remounted rw or if you had an error on the disk on boot 2017-03-19 18:59:07 being full wouldn't trigger read only 2017-03-19 18:59:18 avih: first place i'd check would be the kernel command line 2017-03-19 18:59:21 should be near the top of dmesg 2017-03-19 19:00:45 scv: is there a missing comma here?! Command line: BOOT_IMAGE=vmlinuz-grsec root=UUID=85ae6191-c977-4cbc-958f-fb4cd951de8cmodules=sd-mod,usb-storage,ext4 quiet initrd=initramfs-grsec 2017-03-19 19:01:13 avih: a missing space before modules at least. 2017-03-19 19:01:26 yep 2017-03-19 19:01:33 right. missing something. 2017-03-19 19:01:55 so how does that happen? 2017-03-19 19:02:03 a bug perhaps :p 2017-03-19 19:02:09 cannot be! 2017-03-19 19:02:32 those entries come from /etc/update-extlinux.conf usually 2017-03-19 19:02:33 this seems to be the update http://git.alpinelinux.org/cgit/aports/commit/?id=75beafaab9382148ffdd85d7c1444775b29b44d7 2017-03-19 19:03:25 what flags do you have in your fstab? 2017-03-19 19:03:33 is Sören Tempel here? he pushed it recently 2017-03-19 19:03:44 scv: how do i check that? 
2017-03-19 19:03:52 less /etc/fstab ? 2017-03-19 19:03:54 cat /etc/fstab 2017-03-19 19:03:56 they're the 4th column 2017-03-19 19:04:35 both / and /boot are rw 2017-03-19 19:04:41 funky 2017-03-19 19:04:44 well 2017-03-19 19:04:48 as root you can do mount -o remount,rw / 2017-03-19 19:04:53 to work around that for now 2017-03-19 19:05:01 but as for the root cause i'm not quite sure, it may be related to that patch 2017-03-19 19:05:03 e.g. "... / ext4 rw,relatime,data=ordered 0 0" 2017-03-19 19:05:27 yep looks normal 2017-03-19 19:06:03 Did you try with the space in the command line? It would both fubar the root UUID and the modules loaded for detection. 2017-03-19 19:06:19 TemptorSent: how do i test that? 2017-03-19 19:06:20 presumably if root wasn't specified right it wouldn't have mounted at all 2017-03-19 19:06:29 avih: is it really present without a space in dmesg? 2017-03-19 19:06:34 yes 2017-03-19 19:06:36 hrm 2017-03-19 19:06:46 i'd expect that to completely break boot tbh. 2017-03-19 19:06:50 Yeah, try editing your kernel command line. 2017-03-19 19:07:03 nlplug-findfs may be partially salvaging it. 2017-03-19 19:07:05 i don't disagree. it's too weird to work in any meaningful way (read only included) 2017-03-19 19:07:35 TemptorSent: how do i edit the kerne; command line? 2017-03-19 19:07:39 l 2017-03-19 19:07:55 It's POSSIBLE that it parses the UUID okay given a fixed length, and the modules are failing to load. 2017-03-19 19:07:56 this is a hdd install 2017-03-19 19:08:09 (inside vbox) 2017-03-19 19:08:54 avih : if you can edit the syslinux/extlinux conf file in /boot/syslinux, that's the best bet. 2017-03-19 19:09:21 Otherwise, type it at the boot prompt -- hold down while booting to trip it. 2017-03-19 19:09:22 /boot/syslinux.conf 2017-03-19 19:09:23 hmm.. 
/boot might be writable 2017-03-19 19:09:35 line should be like 2017-03-19 19:09:35 APPEND root=UUID=fa1d21a0-08df-48bb-95cd-62929828e771 modules=sd-mod,usb-storage,ext4 quiet 2017-03-19 19:09:59 ..with your UUID :) 2017-03-19 19:10:02 yeah 2017-03-19 19:10:03 :p 2017-03-19 19:10:18 sec; i don't have tab completion! :) 2017-03-19 19:11:01 *lol* At least you're not retyping URLs to a different machine to use a browser! 2017-03-19 19:11:43 well.. no missing space there... https://pastebin.mozilla.org/8982560 2017-03-19 19:12:29 this doesn't seem right though. my timeout is not 30s. it's 3 i think 2017-03-19 19:12:38 i don't suspect that to be the issue. nothing with that would trigger read only 2017-03-19 19:12:54 avih: as root, run: mount -o remount,rw / 2017-03-19 19:12:59 should fix your tab completion and whatnot 2017-03-19 19:13:19 then you may be able to get a full dmesg/messages log pastebin'd for us to see 2017-03-19 19:13:22 indeed. that worked. 2017-03-19 19:13:25 but now what? 2017-03-19 19:13:37 let's see the contents of /var/log/messages 2017-03-19 19:13:41 and /var/log/dmesg 2017-03-19 19:13:52 i could already do that before. recall, i can ssh into it with a normal terminal 2017-03-19 19:15:27 scv: dmesg https://pastebin.mozilla.org/8982561 2017-03-19 19:16:16 (this is without any vbox guest additions or modules) 2017-03-19 19:16:44 huh.. is this right? "Booting paravirtualized kernel on KVM" 2017-03-19 19:17:28 wait a sec. the space is there now. wtf 2017-03-19 19:17:48 weird. so that was a red herring 2017-03-19 19:17:56 *cues twilight zone theme music 2017-03-19 19:19:38 i don't get where all the KVM related messages come from. i'm not using kvm afaik. 2017-03-19 19:19:59 this is plain alpine hdd install on vbox. the extended image. 2017-03-19 19:21:58 it just means it's accelerated 2017-03-19 19:22:58 i don't see anything out of the ordinary there, anything boot-time in messages? 2017-03-19 19:23:04 oh, you mean vt-x/vt-d on vbox? 
2017-03-19 19:23:42 scv: the first non green message is the one i told you earlier. after configuring kernel params, i got warning that / is not writable 2017-03-19 19:24:05 well, at this point i suspect its that openrc patch as well 2017-03-19 19:24:35 perhaps you can try rolling openrc back to an earlier revision and see if that works 2017-03-19 19:24:39 maybe install the apk from 3.5 2017-03-19 19:25:22 you mean apk add openrc@main or so? 2017-03-19 19:25:53 sorry. that would still be edge. not sure how to add from 3.5 2017-03-19 19:26:57 i guess i could remove the edge repos and try to reinstall openrc. however, i think i'll wait a bit and see if a fix arrives first. 2017-03-19 19:29:17 scv: any chance that because readonly, this dmesg is from the previous boot? 2017-03-19 19:29:33 (i.e. the one after which i updated openrc) 2017-03-19 19:29:35 probably 2017-03-19 19:29:38 now that i think about it 2017-03-19 19:29:42 i should go get some coffee. :) 2017-03-19 19:29:59 sounds reasonable :) 2017-03-19 19:32:43 TemptorSent: would it be terrible if i tried to write some small file to /boot to check if it's writable? 2017-03-19 19:50:52 avih : Nope, no problem at all. 2017-03-19 19:52:06 TemptorSent: k, i'll keep that in mind. for now though, i'm not sure how to proceed diagnostics, since it could be the case that i have no valid logs at all due to this readonly mount.. 2017-03-19 19:52:34 avih: Boot with 'noquiet' and 'debug' on the cmdline 2017-03-19 19:52:53 TemptorSent: so just remove the "quiet" and add "debug"? 2017-03-19 19:53:32 i'm basically replacing (the existing) quiet with debug 2017-03-19 19:54:10 huh, it seems the scrollback is limited. 2017-03-19 19:54:39 and i can scroll back (on screen) only so far, but it's still far from the beginning of the log 2017-03-19 19:57:21 avih: I've got to run, but look into setting up the serial console, it makes debugging boot much easier. I'll be back in a few hrs. 
2017-03-19 19:57:25 ok, these are the last two messages before the colorful openrc log starts: 2017-03-19 19:58:05 EXT4-fs (sda3): couldn't mount as ext3 due to feature incompatibilities 2017-03-19 19:58:33 EXT4-fs (sda3): mounted filesystem with ordered data mode. Opts: (null) 2017-03-19 19:58:34 ok. 2017-03-19 20:00:31 Looks like your fstab/mount options don't agree with your actual fs. Make sure everything says ext4 if you're using ext4, including the kernel module, fstab, and any other mounts. 2017-03-19 20:01:03 and then some successful (green) openrc log lines, and then (green) "configuring kernel parameters" and then warning (yellow) "/ is not writable" 2017-03-19 20:01:21 I'll have to look at it further when I get back. 2017-03-19 20:01:33 TemptorSent: i haven't touched any of those, and this system has booted happily dozens of times. 2017-03-19 20:02:07 thx. ping me when you're back. if i'm online, i'll be available to debug further. thanks. 2017-03-19 20:02:50 avih: Then I suspect a module somewhere isn't loading... it shouldn't break randomly, but then again -- it's on a computer... random behaviour expected at random :)_ 2017-03-19 20:03:19 it wasn't random. it started after openrc updated 2017-03-19 20:03:36 this http://git.alpinelinux.org/cgit/aports/commit/?id=75beafaab9382148ffdd85d7c1444775b29b44d7 2017-03-19 20:04:22 seems like a lot of patches were removed 2017-03-19 20:04:42 or at least a lot of *.initd files were removed 2017-03-19 20:04:55 but also patches. 2017-03-19 20:05:51 awesome, lots of ppl here, this is promising.\ 2017-03-19 20:06:26 lots of lurkers ;) 2017-03-19 20:06:32 lol 2017-03-19 20:08:03 i know there are guides and such for setting up alpine as a router. No problem so far. Except adding my shiny new asus usb wireless ac stick.... 2017-03-19 20:08:27 want to use it as my makeshift ap point 2017-03-19 20:08:57 am kinda noob at this, only 5 years in or so... 2017-03-19 20:10:10 is this a matter of adding asus' linux repositories? 
2017-03-19 20:12:14 oh, i read it incorrectly. all the same files are still there, only 3 were modified (the ABUILD and two patches), but the short hashes were removed and only the sha512 were kept. so another red herring (wrt removals) 2017-03-19 20:14:20 i'm suspecting the changes at 0002-force-root-be-rw-before-localmount.patch but i don't know enough to evaluate them 2017-03-19 20:14:48 G'day, anything similar to preseed/kickstart in Alpine? Looking to automate a installation.. Any hints welcome :) 2017-03-19 20:17:50 ? 2017-03-19 20:20:01 bulld00zer: nope 2017-03-19 20:20:40 but try to play with lbu and custom overlays if you have a day or two to spare 2017-03-19 20:20:51 since it enables some things you might want 2017-03-19 20:21:13 darkfader that is intended for me? 2017-03-19 20:21:21 cdnlnxnb: no 2017-03-19 20:21:34 thnks 2017-03-19 20:22:30 darkfader: figured as much, lbu and overlays it is :) thank you for pointing me in the right direction. 2017-03-19 20:34:31 alternately, i could return it to the store and get something you all recommend 2017-03-19 20:41:14 TemptorSent: so it seems i fixed it, but i'm not sure what the implications are. this is the patch which was used with the previous openrc version http://git.alpinelinux.org/cgit/aports/tree/main/openrc/0002-force-root-be-rw-before-localmount.patch?id=e65aa032e89545870845918ca05d4943e0ec10f0 and with the openrc update, the patch was updated too to look like this http://git.alpinelinux.org/cgit/aports/tree/main/openrc/0002-force-root-be-rw-before- 2017-03-19 20:41:14 localmount.patch?id=75beafaab9382148ffdd85d7c1444775b29b44d7 2017-03-19 20:43:43 clearly the openrc code has changed (i haven't looked at it though), as it seems the new openrc code has "root" at the "use" and "after" lines, which the new patch removes. so now there's no "root" at all in either need/use/after lines. my change was from "need fsck" to "need fsck root". 
making it similar to the output of applying the previous patch to the previous openrc version. and this seems to work. 2017-03-19 20:44:30 however, as i noted, i don't know what the implications are. 2017-03-19 20:45:01 (i edited /etc/init.d/localmount directly with the additional "root") 2017-03-19 20:47:23 (i also tried to just disable/revert what the new patch does as if it didn't exist, i.e. restore "root" to the use+after lines, but it didn't fix the issue. so i ended up with the new patch applied - without any "root", and then added root to the "need" line - which seems to work) 2017-03-19 20:58:30 hrm.... feels like I am gonna learn a heck of a lot about archlinux today.... 2017-03-19 20:59:49 that is some kind of dark ritual right? install a wireless adapter into whatever flavour of linux you are chasing that day? 2017-03-19 21:04:02 arch has a really good wiki, can I basically follow the directions there? 2017-03-19 21:05:31 <_ikke_> Don't think arch instructions are going to work for alpine 2017-03-19 21:13:27 though this was based on arch? 2017-03-19 21:13:35 <_ikke_> nope, not at all 2017-03-19 21:13:40 oh, my bad 2017-03-19 21:14:05 <_ikke_> The only resemblance is that they have the same way to build packages 2017-03-19 21:14:51 ok, so adding my wifi adapter is done by adding it as a package and then configuring it right? 2017-03-19 21:15:09 wifi support usually comes from the kernel 2017-03-19 21:16:35 for a specific chipset, if I recall... going back to my original issue.... should i just return this and get something easier to work with? 2017-03-19 21:16:35 and the dark ritual is mostly about promising to sacrifice a goat to the dark lord before picking up a wifi adapter in the shop 2017-03-19 21:18:57 any specific model i could use with usb and it would probably show up on boot? 
2017-03-19 21:19:58 plug it in, see what lsusb or dmesg tells you to get the vendorID:productID pair and then do some google-fu to find what kernel module supports it 2017-03-19 21:21:30 (sweats) sure...... slowly but surely getting there. I promised i would never get into programming... compiling kernels doesn't count does it? 2017-03-19 21:21:52 seriously though, will do 2017-03-19 21:21:55 thanks 2017-03-19 21:22:07 no, but fortunately, you most probably won't have to compile the kernel 2017-03-19 21:24:00 as an aside.... i am also 2/3rds the way through rebuilding my dirtbike engine for the first time.... equally daunting 2017-03-19 21:24:24 will be back for more advice i am sure. thanks! 2017-03-19 22:00:16 TemptorSent: scv: i filed https://bugs.alpinelinux.org/issues/7042 . Thanks for the help. 2017-03-19 23:46:25 hello... anyone mind helping me sort out my understanding of the docs? 2017-03-19 23:46:36 (regarding run from ram / usb mode) 2017-03-19 23:48:41 it sounds like if I want a run from ram system, I boot an iso, via either usb or cd, run setup-bootable pointed at the usb device I want to boot off of, and then on that usb device, tweak the lbu and other settings I want persisted ... is that about right? 2017-03-19 23:49:03 (and no, I don't intend to boot from the same USB device that I'll run setup-bootable pointed towards) 2017-03-19 23:53:01 or is there some tar or similar compressed file/image that the tmpfs gets extracted/uncompressed from? 2017-03-20 00:15:43 avih: It appears that mtab is being used again, not sure what exactly the intent was there. 2017-03-20 00:16:01 keep getting errors no matter what mirror I use? 2017-03-20 00:22:39 shad0: The initfs builds a run-from-ram system in-place by extracting apks and applying overlays. You don't need to do anything special to get it to boot, and you can persist your changes with lbu. 
2017-03-20 00:24:03 shad0: Keep in mind that lbu defaults to backing up /etc and nothing else, so if you need to modify files elsewhere, you'll need to include them explicitly. 2017-03-20 00:25:45 tarpit: What kind of errors and is it still persisting? 2017-03-20 00:27:16 When I added the eth1 it no longer access the Internet. 2017-03-20 00:28:53 tarpit: Oh, got it -- check that you still have a default route pointing to a gateway somewhere 2017-03-20 00:29:15 tarpit: It sounds like your interface came up but isn't fully configured. 2017-03-20 00:31:05 I turn off the second Ethernet to update software. It works. I will look at adding a static route. 2017-03-20 00:32:10 tarpit: You just need to make sure you have a default route that actually goes out to a gateway, the other can be dhcp configured if you want, but you'll want to keep it from overwriting your default route if it's on an internal network. 2017-03-20 00:36:06 TemptorSent, so even on a 'sys' install, it's booting into ram? 2017-03-20 00:36:31 (I mean, initfs is loading the operating "image" into ram?) 2017-03-20 00:36:40 shad0: No, once you install your sys to media, you're running a normal root. 2017-03-20 00:37:08 so setup-alpine with usb sets up a different initfs config than setup-alpine with sys or data? 2017-03-20 00:37:10 shad0: You don't need to install anything to get the run-from-ram setup, just boot. 2017-03-20 00:37:37 ok... where/how would such a configuration know to look for lbu's to apply during startup? 2017-03-20 00:37:50 shad0: I believe so -- it should be a "media" layout for iso/usb and a standard layout for installed systems. 
2017-03-20 00:37:55 (suppose I dd an iso onto a usb stick to get into run-from-ram territory) 2017-03-20 00:38:44 I guess now I'm asking less about run from ram, and more about "run-from-ram with persisted config/changes" 2017-03-20 00:38:47 shad0: It's pretty flexible about where you store your data, but I haven't gotten into the guts of how it restores the lbus yet. Right now I'm hacking my way through mkinitfs. 2017-03-20 00:38:54 ahh 2017-03-20 00:39:46 shad0: You can pass a path or url at the kernel prompt to load overlays from wherever. 2017-03-20 00:39:53 I'm guessing I may eventually have to do the same. in the short term, I don't mind installing to disk, in the long term it would be nice to be able to run-from-ram off of a usb stick, with lbu's saved back to some folder/partition on that same usb stick. then backing up the system would be a matter of dd'ing all the partitions 2017-03-20 00:40:35 shad0: That should be functional now, I just haven't gotten into the details of lbu itself yet. 2017-03-20 00:40:45 that's nice, I just wish it was more streamlined than that :) 2017-03-20 00:40:58 shad0: Working on it :) 2017-03-20 00:41:46 right... I imagine I could make it work, just wondered if it was documented and/or easily supported by existing tooling. from what little I've found online, even going with custom disk partitioning seems to imply having to throw out or heavily modify setup-alpine in order to play nice 2017-03-20 00:42:09 sorry, I'm spoiled ;-) 2017-03-20 00:42:12 shad0: lbu should just do the right thing. 2017-03-20 00:42:45 I get that, but I don't understand what that is 2017-03-20 00:42:50 shad0: Yeah, working on build tool that should handle all that. 2017-03-20 00:43:06 ahh 2017-03-20 00:43:07 "Alpine Local Backup Utility" 2017-03-20 00:43:29 Docs on the Alpine wiki look usable for it :) 2017-03-20 00:43:53 sorry... 
"I get the idea of the general process, and the goal, but I don't understand the intricacies of how it works or where I could find documentation on how to either learn about and go with the implied flow, or massage said tooling to serve my own selfish desires" 2017-03-20 00:44:19 the docs feel a bit surface level to me. 2017-03-20 00:44:48 shad0: Yeah, I've been finding more undocumented than documented and donig a lot of UTSL. 2017-03-20 00:45:14 shad0: Writing good documentation is often harder than writing the code for the software your documenting! 2017-03-20 00:45:15 for example, how can I either set up my own disk partitioning via answer file, or set up the system ahead of time so that either setup-alpine or setup-disks configures the disks without borking anything else up? the closest I've found is having to run setup disks manually, and tell setup-alpine to ignore that step. 2017-03-20 00:45:29 but even there, does that mean I also have to run setup-bootable manually to get the disk bootable? 2017-03-20 00:45:38 I know, I know... 2017-03-20 00:45:45 UTSL? 2017-03-20 00:45:54 shad0: Yeah, currently that whole infrastruture is a mess for anythign other than defaults. 2017-03-20 00:46:05 Use The Source, Luke :) 2017-03-20 00:46:10 I kinda guessed that. I should probably just hush and dig in :) 2017-03-20 00:46:12 ahh 2017-03-20 00:46:40 I really like the concepts I've read so far about alpine linux, and the size of it 2017-03-20 00:46:49 I'm in the middle of pretty much rebuilding the image/system building infrastructure entirely. 2017-03-20 00:47:00 oof. 2017-03-20 00:47:10 and here I come being all demanding. 2017-03-20 00:47:29 well, thank you in advance/middle-of all of your hard work 2017-03-20 00:47:33 See branch at https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage 2017-03-20 00:47:46 I'll try to look it over in the next few days 2017-03-20 00:48:08 shad0: I thing you just volunteered to help, right? 
;) 2017-03-20 00:48:13 er think 2017-03-20 00:48:23 in the meantime I'll probably see how painful it is to get running on an nvme disk. as of 12-15 months ago, it sounded like it required adding the nvme ko into the initfs 2017-03-20 00:48:45 hehe if I get hooked enough, sure 2017-03-20 00:48:59 Anyway, I haven't pushed any of the mkinitfs stuff yet as I'm just now working on the surgery to integrate the existing code first, then recombobulate into something sane. 2017-03-20 00:49:14 makes sense 2017-03-20 00:50:00 shad0: Will be adding the filesystems as plugins and allowing definitions of FS layouts in profiles as I get time. 2017-03-20 00:50:21 and all still via bash scripts? 2017-03-20 00:50:44 if so, that's badass. I usually chicken out on things that "complex" and grab python or ruby. 2017-03-20 00:50:46 shad0: Right now, I'm working on getting it to build initramfses that include only what's necessary for that application and not a huge amount of useless crap. 2017-03-20 00:50:53 Yeah, it's all bash. 2017-03-20 00:51:16 er, ash, 2017-03-20 00:51:19 no b :) 2017-03-20 00:51:24 ah 2017-03-20 00:51:26 So no arrays either. 2017-03-20 00:51:30 oof 2017-03-20 00:52:02 Mostly POSIXly correct in fact, with a couple cheaters available like ${var//regex/sub} 2017-03-20 00:52:08 I'm sure that complicates things a fair bit for trying to use env vars and config files to support more advanced partitioning schemes 2017-03-20 00:52:59 shad0: Nah, it's actually quite easy to support stuff like that - the layout already follows FS conventions. 2017-03-20 00:53:11 oh, that's good. 2017-03-20 00:53:42 I'm gonna run now, but thank you for your responses. my apologies for being "demanding" about features/functionality/docs, thanks again for your work 2017-03-20 00:53:46 shad0: All you need to do is translate the requested partition into whatever flavor mkfs you need. 2017-03-20 00:54:20 are you using parted for setting up the partitions? 
2017-03-20 00:54:28 shad0: No problem -- I just dug in because I need it to work for me to distribute to lights-out applications. 2017-03-20 00:55:06 that's my goal application, but my server pool is single digits and my boss is only a dick to other people, not me ;-) 2017-03-20 00:55:08 shad0: Take your pick, everything is sufficiently modular that you can use whichever is appropriate. 2017-03-20 00:56:09 given the lack of architectural foresight I have to deal with at the 9-5, even that fairly "basic" level of architectural vision is refreshing 2017-03-20 00:56:27 shad0: Basically, you write a plugin that takes an input of partitions to create and spits out commands in your flavor partition editor of choice. 2017-03-20 00:57:10 shad0: Yeah, I try to actually make things work, not just temporarily. 2017-03-20 00:57:51 our favorite game is "kick the can down the road, just a little bit longer..." 2017-03-20 00:57:57 going on 10 years of playing that game. 2017-03-20 00:58:02 shad0: My branch currently suffers from having code sourced from at least three different utilities in addition to a lot of scratch code. 2017-03-20 00:58:24 that sounds like a bit of a tangle 2017-03-20 00:58:25 shad0: Yeah, been there, done that, doesn't often end well. 2017-03-20 00:58:28 or at least, it could be 2017-03-20 00:58:41 they haven't learned yet. keep scraping by on luck and whipping people's backs 2017-03-20 00:58:54 shad0: Yeah, I thoroughly refactored all of the above and have it almost sane at this pont. 2017-03-20 00:58:59 point. 2017-03-20 00:59:05 and a whole lot of "this is the most critical item for the next 5 minutes" 2017-03-20 00:59:10 dang, nice 2017-03-20 00:59:21 <^7heo> moin 2017-03-20 00:59:31 <^7heo> nacht, auch 2017-03-20 00:59:55 shad0: Right now, literally everything but the outermost layer of the command processing and one loop is a plugin or in a utility file. 2017-03-20 01:00:15 excellent 2017-03-20 01:00:22 ^7heo: 'evening. 
2017-03-20 01:00:53 <^7heo> :) 2017-03-20 01:01:05 shad0: I'm also working on documenting every utility function with its usage and have gotten through adding at least reasonable error checking to 80%. 2017-03-20 01:01:12 <^7heo> It's actually 2 am ;) 2017-03-20 01:01:15 overachiever ;-) 2017-03-20 01:01:27 <^7heo> and I'm in my bed 2017-03-20 01:01:42 shad0: Self preservation -- it was impossible to debug before! 2017-03-20 01:02:45 ^7heo: I've been doing a lot of those lately. 2017-03-20 01:02:46 I feel you there. we've got more than a few 1k+ LOC functions at work. 2017-03-20 01:03:18 shad0: Yeah, of which 200 should probably be debugging code at that point! 2017-03-20 01:03:36 eff that. make it like 10 100 loc functions 2017-03-20 01:03:42 or even better. 2017-03-20 01:03:59 it's one of those sad things where people debug the wrong things, code in all the wrong anti-patterns, etc. 2017-03-20 01:04:10 and if you try to suggest better ways to do things, they look at you like you have 3 heads. 2017-03-20 01:04:18 shad0: Oh, 1k LOC functions that don't actually need to be one function. ick. 2017-03-20 01:04:45 "what's wrong with storing 200,000 device- and date-specific data files in one folder?" 2017-03-20 01:05:01 shad0: I'm so sick about hearing about all these 'patterns' -- that's nice, how about learning to actually UNDERSTAND the code people? 2017-03-20 01:05:05 sorry, I think I missed a zero there. we've had a million files in one folder at times 2017-03-20 01:05:27 I'd take either one. at least if they thought about patterns, it would imply thinking about something other than the nose in front of their face. 2017-03-20 01:05:35 shad0: Sounds like you need an object store and a database, not a filesystem! 2017-03-20 01:06:00 these are log files. and most of them are date oriented. which begs the question, why has no one ever considered a yyyy/mm/dd/ hierarchy? 2017-03-20 01:06:26 that's like maybe 1-2 hours more work up front. 
to save countless hours of plain old scrolling for years to come 2017-03-20 01:06:31 shad0: Or a julian date perhaps? 2017-03-20 01:06:42 shad0: Or any number of sane solutions. 2017-03-20 01:06:49 yeah 2017-03-20 01:07:08 instead we can actually self-DOS b/c our OS(not linux) chokes on folders with tons of files 2017-03-20 01:07:37 *lol* Job security? 2017-03-20 01:07:50 we can choke processing queues if one device spams the logs, b/c why would we ever need round-robin? 2017-03-20 01:08:27 haha I wish. just lack of concern for quality/real(tm)-engineering 2017-03-20 01:08:36 shad0: Why even write logs to files at that point? There are log-oriented database systems for exactly that purpose. 2017-03-20 01:08:41 shad0, windows? 2017-03-20 01:09:01 it's remote devices writing logs that can be uploaded for central processing later. 2017-03-20 01:09:04 as late as xp, maybe later, windows got unusably slow with ~64k files in top-level temp dir 2017-03-20 01:09:07 with spotty connections at times 2017-03-20 01:09:32 dalias, yep, and we've had folders on 600-800 mhz machines with 6-7 digits worth of files. 2017-03-20 01:09:46 at that point, I've had the pleasure of discovering that chkdsk can take 20 minutes 2017-03-20 01:09:56 shad0: Right, read them directly into a DB, do not pass go, do not waste 2,000,000 inodes. 2017-03-20 01:10:21 TemptorSent, well, to be fair, I doubt they had many (cheap) options like that for embedded solutions 10 years ago 2017-03-20 01:10:42 which is why something as simple but effective as creating a couple layers of folders seems asinine to overlook. 2017-03-20 01:10:57 shad0: I was doing it 20 years ago on a Pentium-II 2017-03-20 01:11:23 I stand corrected, then. my embedded work that long ago was "big"-iron, alphas and such 2017-03-20 01:11:36 shad0: It was almost a nobrainer then even. 2017-03-20 01:12:06 well, never let it be said that this place takes the easy and technically sound way out. 
immediately easy, yes 2017-03-20 01:12:14 shad0: Yeah, I was working with some of the early 21264 stuff back in the day, damn 64 bit memory space was nice! 2017-03-20 01:12:35 they have apps where you have to recompile it to point it to a different server. HELLOOOOOO, config files, anyone? 2017-03-20 01:12:50 shad0: PostgreSQL + sed/awk/grep. 2017-03-20 01:12:54 I never had to worry about it, thankfully. 2017-03-20 01:13:02 (64 bit vs not) 2017-03-20 01:13:53 alright, I'm really off now. my exercise equipment is calling my name. you all have a good night :) 2017-03-20 01:14:25 shad0: Yeah, I've been at both ends of the spectrum -- both very small embedded environments (256BYTES of ram) all the way up to making stuff work for big clusters. 2017-03-20 01:14:47 shad0: Alright, take care. 2017-03-20 01:17:10 ^7heo : Insomnia, or your preferred time to get something done? 2017-03-20 01:23:05 <^7heo> TemptorSent: yes 2017-03-20 01:26:38 <^7heo> I'm currently thinking about re-setting up my rpi with alpine 2017-03-20 01:26:52 <^7heo> the only thing is 2017-03-20 01:27:24 <^7heo> read only root or not 2017-03-20 01:28:17 hiya, dump question. i've installed postgresql on my virtualbox, and i cannot login from my host via psql. i can ping it, but cannot log in. what do i have to change? 2017-03-20 01:29:54 <^7heo> gerard: this is not #postgresql 2017-03-20 01:30:10 <^7heo> gerard: but, what did you try? :) 2017-03-20 01:31:12 gerard: Almost certainly you need to edit your $PGDATA/pg_hba.conf 2017-03-20 01:31:24 <^7heo> not if it's local no 2017-03-20 01:31:40 <^7heo> hence my question 2017-03-20 01:32:21 i have local all all 0.0.0.0/0 trust 2017-03-20 01:32:26 ^7heo: Go with the RO root and overlay, less wear and tear on the SD if you use a USB stick for the rest. 2017-03-20 01:32:28 <^7heo> (i.e login via psql via ssh) 2017-03-20 01:32:57 ^7heo: Right, if it's local. 2017-03-20 01:33:15 <^7heo> TemptorSent: yeaah that's what I did so far... 
but it's tiresome to use 2017-03-20 01:33:39 ^7heo: Whyfore? 2017-03-20 01:33:53 <^7heo> gerard: if you login via psql via ssh (locally), does it work& 2017-03-20 01:34:04 <^7heo> ? 2017-03-20 01:34:07 yes. it works. 2017-03-20 01:34:30 <^7heo> TemptorSent: because then you have to manually save any change 2017-03-20 01:34:34 gerard: You need a host entry to allow connections remotely. 2017-03-20 01:34:44 <^7heo> gerard: yeah then hba 2017-03-20 01:34:49 ^7heo: Overlay-FS 2017-03-20 01:34:50 <^7heo> gerard: as TemptorSent said 2017-03-20 01:35:15 <^7heo> TemptorSent: still need manual operation with lbu, or? 2017-03-20 01:36:14 ^7heo: Not if you don't want to generate overlays -- you can just overlay a persistent, writable FS over your RO root. All you need to LBU is the config to get your overlay mounted. 2017-03-20 01:36:42 ^7heo: The other option is automating LBU I suppose. 2017-03-20 01:37:10 ^7heo: I just mount the root RO and mount my live system around it. 2017-03-20 01:37:23 <^7heo> yeah whichever. what overlay would you use? 2017-03-20 01:37:34 ^7heo: Whatever you need :) 2017-03-20 01:37:52 <^7heo> oe that *works* 2017-03-20 01:37:55 <^7heo> one* 2017-03-20 01:38:00 ^7heo: That's why I'm adding the overlay generation to mkimage -- make life easier. 2017-03-20 01:38:24 <^7heo> AFAIK there's not a single unionfs on linux that works 2017-03-20 01:39:00 ^7heo: You can start with no overlay, boot up in normal RO root, add the overlay mounts, lbu that and write it to your boot media, and go. 2017-03-20 01:39:40 <^7heo> again, with what software? 2017-03-20 01:40:02 <^7heo> bare linux does not do that, does it? 2017-03-20 01:40:05 OverlayFS. 2017-03-20 01:40:08 Yup :) 2017-03-20 01:41:12 <^7heo> is overlayfs the thing from docker? 
2017-03-20 01:46:02 i had to change iptables rules as well ( https://www.cyberciti.biz/tips/postgres-allow-remote-access-tcp-connection.html ) 2017-03-20 01:46:34 <^7heo> yeah again, this has nothing to do with #alpine-linux 2017-03-20 01:46:52 <^7heo> but more with #postgresql and ##networking 2017-03-20 01:46:53 ^7heo: Docker uses it I believe, but it's in the mainline kernel and has been for a while now 2017-03-20 01:47:29 <^7heo> TemptorSent: I thought it has been contributed in by docker 2017-03-20 01:48:16 ^7heo: Possibly, although I believe that was a revision they contributed to support their needs better. 2017-03-20 01:48:40 <^7heo> ok 2017-03-20 01:50:14 ^7heo: From what I can see, the original merge was back in 3.18 or so, with major changes in 4.x 2017-03-20 01:51:41 ^7heo: It's already being used by alpine, just not for quite the same purpose. 2017-03-20 01:52:02 <^7heo> from what I know, there have been two "versions" of it 2017-03-20 01:52:17 <^7heo> the first one being a total fiasco 2017-03-20 01:53:22 ^7heo: Yeah, more or less -- the first version was never intended to be used for the purposes it quickly got bent to, which was most of the problem I believe. 2017-03-20 01:54:54 ^7heo: Your other option is just to mount right over the top of a skeleton root and ignore what's behind it. 2017-03-20 01:55:34 <^7heo> or confine my interactions to /home 2017-03-20 01:55:58 <^7heo> and expect the rest to be lbu-managed 2017-03-20 01:56:34 ^7heo: Yeah, set up LBU to run every couple hours or something to checkpoint, as well as at shutdown. 2017-03-20 01:57:28 <^7heo> I was thinking about hooking it up to sudo 2017-03-20 01:57:36 <^7heo> or something 2017-03-20 01:58:04 Setup incron to run on modifications to anything in /etc. 2017-03-20 08:00:42 Hi, how do I run postfix in foreground? 
2017-03-20 08:00:46 mode* 2017-03-20 08:03:30 <_ikke_> I don't think postfix runs in the foreground 2017-03-20 08:03:52 grmpf 2017-03-20 08:04:25 <_ikke_> postfix requires many processes 2017-03-20 08:05:56 The darn master process has a -w for foreground, but it still exits prematurely --" 2017-03-20 08:54:53 is it normal, that alpine doesnt "fully" shut down a pc? it gives the last message, that everything is stopped, i heard the components shut down, but the pc is still turned on. i have also noticed this on virtualbox. is there a fix? 2017-03-20 08:57:06 user__, what command you used? 'shutdown' works for me. another reason might be also related to kernel missing some driver... 2017-03-20 08:57:32 i used "halt" 2017-03-20 08:58:00 that's it then 2017-03-20 08:58:02 my vm says that shutdown does not exist 2017-03-20 08:58:13 "halt" is intended to just stop everything, but not poweroff 2017-03-20 08:58:25 try "poweroff" 2017-03-20 08:58:32 yep its poweroff 2017-03-20 08:58:46 busybox ships poweroff so that's always present 2017-03-20 08:58:48 i was so much used to "halt"... 2017-03-20 08:58:53 thanks 2017-03-20 09:03:16 <_ikke_> user__: halt has the -p (poweroff) parameter 2017-03-20 09:04:09 _ikke_: not in busybox, only d,n,f 2017-03-20 09:24:54 morning climbers. hapyp monday 2017-03-20 09:25:10 happy even 2017-03-20 09:38:09 Hello every one ! 2017-03-20 10:16:20 hi 2017-03-20 11:03:04 When wget'ing a dropbox URL from alpine, the file is only ~220K when it should be more like ~450M .. I've installed openssl .. does anybody know what could be causing this or how to troubleshoot? 2017-03-20 11:03:37 I'm on 3.5 2017-03-20 11:08:26 When running `update-ca-certificates` I get: WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping -- is there any need to be concerned about that? 
2017-03-20 11:09:37 crl is snakeoil anyway, ct is the new god ;) 2017-03-20 11:10:06 hmmm, gotta check if ct is in fact also useful for revocations 2017-03-20 11:13:04 yGweSm1OzVHe: is your comment in response to my question? 2017-03-20 11:15:22 yes 2017-03-20 11:16:03 crl is a broken mechanism, and if you have no special threat model i think you can ignore this warning 2017-03-20 11:16:19 iron_houzi, it's ok, the ca-certificates.crt is the generated one 2017-03-20 11:16:25 should probably silence the warning on that name... 2017-03-20 11:46:17 yGweSm1OzVHe: Is there another way to update or manage ca certs? 2017-03-20 11:51:17 crl is only for revocation, not updating/managing. and for that it is also a SoP, through DoSing you can force a user to use a revoked cert. 2017-03-20 11:51:49 s/SoP/SoF/ 2017-03-20 11:52:13 pki/ca-s are broken anyway irrespective of crls 2017-03-20 11:53:54 fabled: Do you think that the wget file output corruption could be caused by mismanaged SSL? 2017-03-20 11:53:56 yGweSm1OzVHe: ^^ 2017-03-20 11:54:07 nope 2017-03-20 11:54:16 iron_houzi, does not sound likely 2017-03-20 11:54:25 https://www.dropbox.com/s/xuceam8n27reoey/NDVISR_diff_20160520_20160719.tif 2017-03-20 11:54:34 if the cert is wrong, you cannot even start, and it will definitely not stop halfway downloading 2017-03-20 11:54:47 could you guys please try to download it? It should be 450M not 220k 2017-03-20 11:55:18 i'd look more into network problems and check if the file on dropbox really contains the full file 2017-03-20 11:56:08 same size here 2017-03-20 11:56:09 I tried doing it with a bare alpine:latest docker image which doesn't work .. Doing it in another ubuntu container on the same cluster makes it work .. 2017-03-20 11:56:25 yGweSm1OzVHe: You get ~450M ? 2017-03-20 11:56:26 it seems truncated 2017-03-20 11:57:18 yGweSm1OzVHe: .. it works on any other distro .. 
2017-03-20 11:57:23 works here too 2017-03-20 11:57:27 on alpine edge 2017-03-20 11:57:34 i'm also on alpine edge 2017-03-20 11:57:48 looks like network issues 2017-03-20 11:57:52 network issue? some firewall or IDS system dropping the connection? 2017-03-20 11:58:29 OK, thanks for the help .. I'll continue the digging 2017-03-20 12:14:44 anyone on edge updated recently and got a new openrc? does the system boot ok (hdd install) after this update for you? 2017-03-20 12:19:14 OK .. this is funny .. there's a wget binary on alpine .. but when explicitly installing `apk --no-cache add ca-certificates wget && update-ca-certificates` .. wget works as intended .. very strange.. 2017-03-20 12:21:51 .. I mean wget binary exists prior to the apk add command but fails as explained further above .. but when explicitly installing wget with the certs, the file gets correctly downloaded.. 2017-03-20 12:23:00 busybox wget vs full wget 2017-03-20 12:25:19 yGweSm1OzVHe: ahhh .. that's news to me .. thanks! 2017-03-20 13:12:25 anything wrong with dl-6.a.o or is it just me? 2017-03-20 13:15:03 <_ikke_> Looks down for me as well 2017-03-20 15:53:02 We are experiencing issues with our mirrors, we are trying to get them in sync again. 2017-03-20 15:54:24 clandmeter: I use the same rsync commandline as you do for syncing our internal openwrt repo to our remote end :P 2017-03-20 15:57:19 looks like ssl issues too? 2017-03-20 15:58:48 ah, dns causing the cn issue 2017-03-20 16:03:45 Diftraku, its not an rsync issue 2017-03-20 16:06:01 clandmeter: do you think this issue doesn't affect most users https://bugs.alpinelinux.org/issues/7042 ? i marked it as high priority since i assumed it'd affect many, but considering the lack of and further confirmations, i'm guessing i'm wrong? would you mind updating edge and let me know if you were affected or not? 
2017-03-20 19:27:37 mhm >.> whenever I use uname -p in a docker container using the alpine image i get unknown back >.> 2017-03-20 19:36:49 Madgod: Same result even on a standard install, probably BB. 2017-03-20 19:43:03 Madgod: Confirmed - busybox has processor hard-coded to 'unknown'. 2017-03-20 19:43:35 mhm that's ugly >.> 2017-03-20 19:45:34 Agreed. 2017-03-20 19:47:48 I believe it should return the same as machine unless there is actually some valid value set. 2017-03-20 19:49:21 It appears a bit TOO much space-savings was put into uname in busybox. 2017-03-20 20:02:58 Wow, uname looks generally broken in several ways... What are you using the output of uname -p in Madgod? 2017-03-20 21:19:34 anyone know why an apk listed in the index would be missing from official download mirror(s)? 2017-03-20 21:19:49 for example py2-requests-2.13.0-r0.apk 2017-03-20 21:20:55 i thought maybe i had not used the right command or something, but I looked at the index in a browser and don’t actually see the file 2017-03-20 21:21:31 The mirrors experienced a bad sync this morning, which you may still be seeing the after-effects of. 2017-03-20 21:21:41 ah hah 2017-03-20 21:21:49 that might explain it 2017-03-20 21:21:52 indeed 2017-03-20 21:22:03 i found a mirror in germany that does have it 2017-03-20 21:22:06 If it persists, try switching mirrors and running apk --update to hopefully clear it. 2017-03-20 21:22:33 Good deal. Hopefully the rest prop soon. 2017-03-20 21:22:36 but i was wondering if maybe it was intentionally removed for a security reason or something 2017-03-20 21:22:43 ok 2017-03-20 21:22:50 thanks! 2017-03-20 21:25:07 Nope, all the mirrors got synced with a missing arch in the delete I believe from a revision of abuild, which wiped everything from the mirrors essentially, and required a full redist. 
2017-03-20 21:25:28 In other words, some of them could take a while to catch up :) 2017-03-21 11:21:17 i've seen more people having segfaulting issues with the v4l-utils package recently (from http://dev.alpinelinux.org/irclogs/ back in February.) has there been any more digging into this, and did anyone figure out a fix / workaround? 2017-03-21 11:51:49 o/ 2017-03-21 11:53:36 rrx, is there a bug about it? 2017-03-21 11:55:08 BitL0G1c: you about dude? 2017-03-21 12:09:27 fabled: can't find one 2017-03-21 13:00:46 <^7heo> \o/ 2017-03-21 13:00:50 <^7heo> ok cool 2017-03-21 13:00:56 <^7heo> \o/ 2017-03-21 13:01:03 <^7heo> perfect 2017-03-21 13:01:05 \o/ 2017-03-21 13:01:16 <^7heo> c00kiemon5ter: could you please try again? :) 2017-03-21 13:01:21 \o/ 2017-03-21 13:01:28 <^7heo> yeah great. 2017-03-21 13:01:39 <^7heo> I'm now ignoring all the activity from algitbot 2017-03-21 13:01:45 <^7heo> which is great :D 2017-03-21 13:01:46 o/ should produce o/\o aka hifive 2017-03-21 13:02:04 <^7heo> well, nah, o/ should produce \o 2017-03-21 13:02:10 :P 2017-03-21 13:02:31 <^7heo> because otherwise it looks like some weird bird face 2017-03-21 13:02:56 haha 2017-03-21 13:03:29 <^7heo> unhappy weird bird face. 2017-03-21 21:25:06 hey, has anybody thought of, seen mentions of or even attempted installing Alpine Linux to one of those QNAP SAN boxes? 2017-03-21 21:25:53 TBB: Nope, haven't poked at those yet. What are they running stock? 2017-03-21 21:26:24 SAN? you mean NAS, right? 2017-03-21 21:26:34 unfortunately didn't read about it yet 2017-03-21 21:26:35 they can be seen as both 2017-03-21 21:27:27 this one is tempting for me 2017-03-21 21:27:27 https://twitter.com/FlorianHeigl1/status/835505949137907713 2017-03-21 21:27:38 TemptorSent: they've got their own environment in it, but it seems quite interesting... some of the more powerful models can run, say, Ubuntu, on KVM 2017-03-21 21:28:14 TBB: Does it have ECC memory? 
2017-03-21 21:28:22 their environment is just growing at a rate that might make them rather unsafe 2017-03-21 21:29:28 TemptorSent: I imagine the more expensive models would have that; the cheaper ones most probably not 2017-03-21 21:29:51 TBB: Yeah, lack of ECC is a deal-breaker for me on storage systems. 2017-03-21 21:29:53 Alpine Linux would be a good match for some of their products tho; they're supposedly running on a CPU named Annapurna Alpine 2017-03-21 21:30:47 :) Yeah, that's about as alpine as you get :) 2017-03-21 21:30:52 it would be fun if we got a commercial LIO license for it that way 2017-03-21 21:31:05 An amazon company... hmm. 2017-03-21 21:34:07 Not much info on their site, but it looks like it's basically a custom arm platform with some fast networking. 2017-03-21 21:34:16 setting one up with a ZFS capable Alpine install would definitely make an interesting [NS]A[SN] 2017-03-21 21:34:40 Agreed. 2017-03-21 21:34:53 <^7heo> I yet have to try zfs in alpine 2017-03-21 21:35:21 <^7heo> how well is it working? 2017-03-21 21:35:29 ^7heo: I have it working, at least when my kernel matches my modules :/ 2017-03-21 21:35:37 me too. in general ZFS is unfamiliar to me, although I've had a FreeBSD box running at home since 1998 or so 2017-03-21 21:36:04 ^7heo: I got bit by a bug in the kernel package that gave me an out of sync set. 2017-03-21 21:36:17 which is down for the first time since btw; it's in the process of being replaced by an Alpine install... 2017-03-21 21:36:31 But zfs generally works great, and acts pretty much like you'd expect it to if you were on solaris. 2017-03-21 21:36:54 <^7heo> ok 2017-03-21 21:37:02 <^7heo> modulo linux 2017-03-21 21:37:04 <^7heo> I get it 2017-03-21 21:37:10 <^7heo> so basically 2017-03-21 21:37:32 ^7heo: It's pretty solid as long as you don't do something stupid :) 2017-03-21 21:37:35 <^7heo> (solaris)zfs == (linux)zfs 2017-03-21 21:37:49 <^7heo> like using it on linux? 
2017-03-21 21:37:51 <^7heo> :D 2017-03-21 21:38:15 ^7heo: The core code of zfs is essentially the same across platforms now, with the 'spl' being the solaris portability layer. 2017-03-21 21:38:52 "pretty solid" doesn't sound like something I'd want to put all my data on tho :) 2017-03-21 21:39:19 TBB: I wouldn't go as far as calling ext4 'pretty solid' by comparison. 2017-03-21 21:39:28 <^7heo> TBB: heard about backups? 2017-03-21 21:40:00 TBB: and zfs-send is your new best friend :) 2017-03-21 21:40:07 backups are problematic when the amount of data grows beyond a certain point 2017-03-21 21:40:42 TBB: That's why you only have to transfer deltas with ZFS. 2017-03-21 21:40:47 but naturally, yes; I keep my current data backed up on a medium that spends most of its time offline 2017-03-21 21:42:37 TBB: In order of preference for stability/reliability, I'd put it zfs,xfs,ext3,ext2,ext4,btrfs,and on down from there for standard fses. 2017-03-21 21:43:26 my current setup is XFS 2017-03-21 21:44:10 TBB: Yeah, that qualifies as 'pretty solid' too, but long term data integrity is a bit harder to ensure. 2017-03-21 21:45:22 most of bad rep XFS has with regards to that is unfounded tho, but fact is, there was a pretty big problem with XFS a bit over a decade ago 2017-03-21 21:45:31 which hit me as well 2017-03-21 21:45:58 TBB: Yeah, I don't mean corruption by the fs, but bit-rot on disk, which is where ZFS shines. 2017-03-21 21:47:30 ZFS is hardcore tho, all that stuff about deduplication and everything does sound very tempting 2017-03-21 21:47:37 I got bit by just about every FS out there that I tried EXCEPT zfs. The worst I did with zfs was confuse my pool enough to need to manually reimport it. 2017-03-21 21:47:56 Do NOT attempt dedup. 2017-03-21 21:48:40 Dedup is probably the one crappy implementation in ZFS (mostly because it's a BIG problem space), and will quickly burn through copious quantities of ram maintaining the tables. 
2017-03-21 21:49:20 I mostly just need iSCSI really, it'll help me store storage in a place where I can't hear it :D 2017-03-21 21:50:52 TBB: Yeah, iSCSI is good for that, but so are clustering fs systems and object stores with local fast caches. 2017-03-21 21:51:28 clustering filesystems are a bit overkill for home use tho 2017-03-21 21:51:42 but per se I'm not against any solution 2017-03-21 21:52:04 gotta keep an open mind if one wants to stay in this industry :) 2017-03-21 21:53:20 It depends on how you're using the storage. Exposing a filesystem that knows about networks is a lot more flexible than a network block device in many respects. 2017-03-21 21:53:59 iSCSI has some other layers, but I'm not aware of anything using them on the linux front currently. 2017-03-21 21:55:32 I guess my primary concern is security really. iSCSI would allow me to use a remote disk in an encrypted form without the disk provider ever knowing encryption keys and such. of course now that I type that thought out I can see various ways how that strategy could go horribly, horribly wrong 2017-03-21 21:56:53 TBB: *LOL* Yeah, encrypt your data, not your block layout. 2017-03-21 21:58:09 TBB: That's where object-stores make a lot of sense, you can encapsulate whatever you want in the object and it will still store, backup, reconstruct, etc without losing the ability to decrypt. 2017-03-21 21:58:55 something like ecryptfs with a physical token would probably do the trick better too 2017-03-21 21:59:02 Ceph or anything heavy like that is probably too much, but there are some less overwhelming options. 2017-03-21 21:59:37 TBB: Ideally, multiple tokens, any two of which can decrypt. 2017-03-21 22:00:58 sure; you don't want to lose your data just because your token breaks :D 2017-03-21 22:17:39 I actually didn't read you carefully enough there 2017-03-22 00:25:33 I'm thinking of migrating from Gentoo to Alpine. Is it possible to search the package repositories online? 
2017-03-22 00:25:41 I want to make sure I'll be able to install everything I need. 2017-03-22 00:26:11 luxio : http://dl-cdn.alpinelinux.org/alpine/ 2017-03-22 00:26:25 luxio : $ sudo apk search 'package-name' 2017-03-22 00:26:41 I haven't installed yet 2017-03-22 00:29:07 http://git.alpinelinux.org/cgit/aports/tree 2017-03-22 00:29:23 there's also a web ui but i prefer just reading the git repo 2017-03-22 00:34:22 dalias : can I ask you a quick question ? not really related to alpine/musl. 2017-03-22 00:35:25 dalias : https://github.com/ocsigen/ocaml-eliom/blob/master/asmrun/signals_osdep.h#L300. context->sregs is in kernel code. So basically I need to # include in that #elif 2017-03-22 00:35:29 is it normal ? 2017-03-22 00:37:05 kernel implementation of struct context->sregs : https://github.com/torvalds/linux/blob/master/arch/s390/include/uapi/asm/sigcontext.h#L79 2017-03-22 00:38:43 by normal I mean #include asm/ header 2017-03-22 00:41:26 just a sec 2017-03-22 00:41:39 Sure :) 2017-03-22 00:43:26 that would be one way but it's likely to clash 2017-03-22 00:43:42 the better thing to do would be to fix it to use the ucontext version of the structure from signal.h 2017-03-22 00:46:14 dalias : perfect ! That's exactly I wanted to do :) 2017-03-22 00:46:51 dalias : thank you ! I am working on that one :) 2017-03-22 00:47:26 so the ocaml code could do #include :) 2017-03-22 00:47:37 it's just 2017-03-22 00:47:50 oh cool 2017-03-22 00:47:51 :) 2017-03-22 00:48:02 but sys/ucontext.h should work to get it too iirc 2017-03-22 00:48:26 odd that i don't remember hitting this; must be relatively new 2017-03-22 00:48:42 in sys/ucontext.h we have signal.h 2017-03-22 00:48:50 ocaml worked even on utterly ancient pre-release musl-predecessor over a decade ago 2017-03-22 00:48:53 with no changes 2017-03-22 00:49:17 oh maybe it's not ocaml itself but some package 2017-03-22 00:50:10 well this context->sregs in this ocaml code only apply for s390x. 
lookup 'sregs' in the whole ocaml code you will see 2017-03-22 00:50:27 yeah but it seems to be using the old sigcontext stuff for most archs 2017-03-22 00:54:01 dalias : hum, some arch in that ocaml header uses #include 2017-03-22 00:54:03 https://github.com/ocaml/ocaml/blob/trunk/asmrun/signals_osdep.h 2017-03-22 00:56:02 but before that I will try figure out how to put sregs and signal.h into a good mix 2017-03-22 00:56:04 :) 2017-03-22 00:56:41 probably need to ask koorogi to do as I am not very good with kernel code ... even musl 2017-03-22 01:18:52 dalias : do you have any example on how to use kernel struct in our musl header ? 2017-03-22 01:26:48 ah looks like there are some struct used in kernel code, but only are defined in libc 2017-03-22 01:46:05 dalias : looks the glibc does include https://github.com/bminor/glibc/blob/master/sysdeps/unix/sysv/linux/bits/sigcontext.h 2017-03-22 01:52:39 yes. that's glibc and not relevant 2017-03-22 01:53:10 I see 2017-03-22 01:53:17 there's no need to be looking at any kernel code here 2017-03-22 01:53:48 this is purely a matter of the arch's layout of the ucontext/mcontext used to represent the interrupted process state at the time of a signal 2017-03-22 01:54:05 the kernel headers define one representation of that 2017-03-22 01:54:14 the libc headers define another representation of the same thing 2017-03-22 01:54:23 in userspace programs the latter is the one you should be using 2017-03-22 01:54:46 wow 2017-03-22 01:55:39 I see 2017-03-22 01:55:41 I will try 2017-03-22 02:20:47 I just installed Alpine and can't get WiFi to work. udhcpd shows a message at boot, trying 5 times to get a lease and failing. 2017-03-22 02:21:01 WiFi worked on the install USB drive. 2017-03-22 02:43:50 dalias : looks like koorogi merged few structs, so the layout might be different from the kernel, but still works. Thus I think I should just patch ocaml to work with musl's layout. 
2017-03-22 07:55:39 hi guys, is there any solution for packages being cached during "abuild -r" ? Everytime I attempt to build packages, they're fethed from remote repositories. 2017-03-22 07:55:56 *fetched 2017-03-22 07:56:00 mkdir /etc/apk/cache 2017-03-22 07:56:18 is that so? 2017-03-22 07:56:18 or make it a symlink to the place where you want to cache them 2017-03-22 07:56:30 or run setup-apkcache 2017-03-22 07:58:14 what about -> ln -s /var/cache/apk /etc/apk/cache ? 2017-03-22 08:02:31 fabled: whatever.. i see that packages being stored anyway. thanks. 2017-03-22 08:15:04 morning 2017-03-22 09:02:22 please please armv5tel support please 2017-03-22 09:11:15 greguu: is that the old strongARM series? 2017-03-22 09:11:28 from the 90s? 2017-03-22 09:16:39 ScrumpyJack: No way, not that old. These ARM5 devices are for example Intel Xscale PXA series and other Marvel chipsets from 2002-2006. Some Watchguard Firewalls XTM22 etc are also ARM5v 2017-03-22 09:16:49 Are there any best practices regarding OSS compliance (especially when using packages with weak or strong copyleft licenses such as GPL or LGPL) when using alpine linux inside Docker Containers? 2017-03-22 09:17:50 ScrumpyJack: I would like to install it on the Sharp Zaurus C3100 / Cxxxx series 2017-03-22 09:19:11 ScrumpyJack: Currently I maintain a ArchLinuxARM port/kernel for the Zaurus C3x00 but it gets a bit heavy. Musl and OpenRC would be welcome 2017-03-22 10:29:34 hi people, quick question. I installed alpine using ISO to a harddrive, as a "sys" install, moved the hd image to kvm (from VBox) and booted it, and it boots fine, but when I start up, my root fs is mounted RO, even though fstab says rw,(relatime,data=ord..) 2017-03-22 10:29:38 is this expected? 2017-03-22 10:31:30 hi, (creating uefi boot usb) https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB (loader/loader.conf part). Does the loader/loader.conf part (e.g. mkdir -p loader/entries) suggest it should be done from /mnt? 
(/mnt/loader/entries) or where to put the loader dir on the usb? 2017-03-22 10:31:32 /boot has the same flags, but is writeable, so its not that the underlying stuff is RO or anything, and I can of course remount it, but the udhcpd cant update resolv.conf at boot and gets interactive to ask what to do. 2017-03-22 11:46:00 somebody keen to help with uefi/efi boot? 2017-03-22 11:46:34 it seems to boot fine on uefi device, but windows 10 based one with efi usb boot option does not recognize the usb stick as bootable or usable device at all 2017-03-22 11:47:37 yet there are videos of people booting other distributions fine (mint ..), could it be the grub as bootloader used by others or the location of .efi files? 2017-03-22 11:49:58 what could I be doing wrong? 2017-03-22 11:56:20 oh, I see it's probably 32 bit. 2017-03-22 11:57:11 fuuu 2017-03-22 12:17:02 is it possible to create usb of alpine with efi ia32 booting? 2017-03-22 13:18:49 alpine linux has the package tomcat-native; which version of tomcat is this built out of? 2017-03-22 13:19:26 https://pkgs.alpinelinux.org/package/v3.5/community/x86_64/tomcat-native the link to the package 2017-03-22 13:21:16 when running `gcc -static my.c` I get a binary that is statically linked with musl libc, correct? 2017-03-22 13:25:02 I want to create a docker image that can build musl statically linked binaries, I'm just not sure if I've done it right :) I expect that alpine builds with musl by default? 2017-03-22 13:31:50 of course @ xificurC 2017-03-22 13:32:18 just use the official alpine docker image, and install the build-base package 2017-03-22 13:32:45 odc: I found gcc and musl-dev to be the minimal to build 2017-03-22 13:33:15 yes 2017-03-22 13:33:17 and make 2017-03-22 13:33:19 newbz if you look in aports in the apkbuild file you'll find: pkgver=1.2.10 2017-03-22 13:33:29 odc: but build-base probably makes sense. 
Thank you 2017-03-22 13:33:37 and yes I'm using the official docker image 2017-03-22 13:33:44 cool 2017-03-22 13:34:01 newbz: also you can find an intriguing todo: TODO: Patch for LibreSSL and enable SSL support. 2017-03-22 13:34:55 newbz: but it seems the same info is also on the webpage you linked, sans the todo 2017-03-22 13:42:13 i've finally removed all services from my kimsufi host and it's ready for Alpine Linux. anyone have notes on bootstrapping remotely beyond what's on the wiki? 2017-03-22 14:51:22 I imagine you've got the linux-fu to pull it off without wiki too. I had no idea of the wiki page when I did that to my old Gentoo remote host... 2017-03-22 15:01:47 right, ready to reboot 2017-03-22 15:08:04 good luck! 2017-03-22 15:12:43 i'm just worried my apkovl doesn't get overlayed 2017-03-22 15:16:19 <^7heo> ScrumpyJack: any idea how the apkovl file gets found at boot? 2017-03-22 15:19:30 the init script 2017-03-22 15:19:48 lemme check 2017-03-22 15:20:18 <^7heo> that would be ace 2017-03-22 15:20:23 <^7heo> yesterday I was searching for it 2017-03-22 15:20:25 <^7heo> but I was too busy 2017-03-22 15:20:34 <^7heo> so I didn't actually bother to find it ;P 2017-03-22 15:54:17 it seems like you can pass it as a kernel option (and ends up in /proc/cmdline) or the script reads it from /tmp/apkovls 2017-03-22 15:54:52 it's pretty dense 2017-03-22 16:29:52 hi there, my alpine vm is stuck while starting busybox crond for few minutes and then continues booting. I have no custom cron jobs. How can I debug what is going wrong? 2017-03-22 16:36:28 saidso: are you sure it's crond and not chrony? 2017-03-22 16:37:02 Hello! I’m playing around a bit trying to get alpine up and running on Digital Ocean. It sort of works, I can ssh in to the box - but when I reboot it, I’m unable to connect to it before I run `service networking restart`. Then I can connect again. Any clue where to start here? 2017-03-22 16:38:30 ScrumpyJack: Let me check again.. 
2017-03-22 16:48:30 ScrumpyJack: I removed chronyd from default runlevel. So now I am sure it is stuck on starting crond 2017-03-22 16:51:19 not sure what's going on there. you could try installing fcron (as i don't think we have vixie cron packaged) 2017-03-22 16:58:20 ScrumpyJack: Just from curiosity I disabled also chronyd and the boot process looks the same so it is hanging somewhere else. My first idea is that there is not enough entropy in the vm so it is stuck at "Initializing random number generator" 2017-03-22 16:59:49 looks like eth0 has no inet addr after boot, and only gets one after i do `service networking restart`. weird 2017-03-22 17:03:46 ScrumpyJack: cat /proc/sys/kernel/random/entropy_avail on the hosts shows there is plenty... 2017-03-22 17:07:41 sharks__: I've installed dhclient into my Alpine systems, it seems to do a better job than BusyBox udhcpc 2017-03-22 17:08:11 TBB: I think I’ll try that. thanks! 2017-03-22 17:08:44 I imagine udhcpc can be configured somehow to wait a while longer, too, but I didn't bother to find out... 2017-03-22 17:12:34 So after a little bit more investigation it seems that my vm is idling on boot because of sshd, any idea what to look for? Boot is stuck for about 2 minutes 2017-03-22 17:13:00 do you by any chance have urandom added to your services? 2017-03-22 17:17:17 TBB: if that question was for me.. I do not have urandom in any runlevel 2017-03-22 17:18:00 I have no idea why sshd is stuck, replacing it with dropbear I have super fast boot now... That is though not fixing my issue ..
2017-03-22 17:19:28 TBB: i added `-f` to `ifup` and `ifdown` in the startup script and it fixed it 2017-03-22 17:30:56 saidso - there is a trick you can use in /etc/init.d/urandom to add entropy - I needed it for openvswitch 2017-03-22 17:32:23 saidso - see => https://hastebin.com/uwowijuqah.rb 2017-03-22 17:34:38 if you are in kvm entropy can also be fixed properly by the host with http://wiki.qemu-project.org/Features/VirtIORNG 2017-03-22 17:35:57 tinyssh is also a good small ssh server - I use instead of dropbear as it has ed25519 ciphers 2017-03-22 18:14:51 BitL0G1c: Thanks for the links, I will have a look 2017-03-22 18:46:15 guys, anyone able to play urban-terror on Alpine ? 2017-03-22 19:27:42 terra: i had it packaged at one time, and it did used to work. but i haven't played it in many years. 2017-03-22 19:29:00 I am completely corrupted by my work. I notice there's a woman sitting a couple of benches away in this bus running Wireshark from the command line on her Linux laptop 2017-03-22 19:29:33 would I even notice otherwise... 2017-03-22 19:31:44 she's watching your chats :P 2017-03-22 19:56:39 TBB: Did you troll her by floating some entertaining packets? 2017-03-22 20:10:38 TBB: she was for sure just building some dissector not sniffing around ;) 2017-03-22 20:35:14 How do I install KDE Plasma on Alpine? 2017-03-22 20:50:22 Is dl-cdn still down? 2017-03-22 20:52:29 <_ikke_> luxio: Not down for me 2017-03-22 20:52:39 <_ikke_> http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/ works for me 2017-03-22 20:54:15 _ikke_: I'm getting some errors saying "unsatisfiable constraints" when using apk, not sure what could be causing the problem. I searched on Google and it said something about dl-* being down. 2017-03-22 20:54:51 <_ikke_> Well, what is the case is that there were some rsync issues, so not all packages might be available yet 2017-03-22 20:55:12 Is there a way to fix this? 
2017-03-22 20:55:42 <_ikke_> Try to use https://nl.alpinelinux.org/alpine/ 2017-03-22 20:57:53 _ikke_: yeah still getting errors 2017-03-22 20:58:46 <_ikke_> What errors are you getting? 2017-03-22 20:59:16 ERROR: unsatisfiable contraints: 2017-03-22 20:59:32 alpine-desktop (missing):[...] 2017-03-22 21:01:00 <_ikke_> Did you add the community repo? 2017-03-22 21:01:22 No, I thought only main was needed? 2017-03-22 21:01:29 <_ikke_> nope 2017-03-22 21:01:36 <_ikke_> alpine-desktop lives in community 2017-03-22 21:01:39 <_ikke_> https://pkgs.alpinelinux.org/packages?name=alpine-desktop&branch=&repo=&arch=&maintainer= 2017-03-22 21:01:59 oh, huh 2017-03-22 21:02:03 <_ikke_> note that community is relatively new 2017-03-22 21:05:56 <^7heo> yeah, some packages are only 5 years old. 2017-03-22 21:06:19 <^7heo> so you won't find the source code for the BSD 4.4 in there. 2017-03-22 21:07:48 luxio: the name "community" is a code name for 6 months support, vs 2 years of "main". but otherwise they both live in the same git repo. 2017-03-22 21:08:14 (and download mirrors) 2017-03-22 21:09:48 <^7heo> ahah we have a package in community that is almost 7 years old. 2017-03-22 21:10:12 <^7heo> more than one actually... 2017-03-22 21:10:33 <^7heo> oh wait I'm just getting partial results 2017-03-22 21:10:40 <^7heo> damn, sorry, will need more checks 2017-03-22 21:10:44 ^7heo: you mean that there exist newer stable packages but those at community are not updated? 2017-03-22 21:10:56 what wm/de should I use? 2017-03-22 21:11:15 I want something lightweight that looks good 2017-03-22 21:11:16 xfce works well in alpine. others might too. 2017-03-22 21:11:17 <^7heo> avih: nah old stuff that was mostly untouched without upstream. 
2017-03-22 21:11:22 <^7heo> but I need to re-check 2017-03-22 21:11:26 <^7heo> my logic is flawed 2017-03-22 21:11:36 <^7heo> I matched packages that were MOSTLY untouched since a long time 2017-03-22 21:11:45 <^7heo> not packages that were COMPLETELY untouched since a long time 2017-03-22 21:11:59 it's still possible that there aren't newer upstream versions.. 2017-03-22 21:12:02 <^7heo> and since you can keep a package up to date with only abump, by changing a single line... 2017-03-22 21:12:07 <^7heo> yeah that too. 2017-03-22 21:35:16 I've installed xf86-video-nouveau, but xfce is stuck at 1280x1024? 2017-03-22 21:36:36 brb I'll try rebooting 2017-03-22 21:38:19 Yeah, not going past 1280x1024 2017-03-22 21:42:53 I'm trying to use certbot but it just hangs on saving debug log to /var/log/letsencrypt/letsencrypt.log of which the contes are not very meaningful it seems https://dpaste.de/Exrc 2017-03-22 23:09:24 TheXzoron - certbot certonly --agree-tos --text --email $email --webroot -w $webroot -d $domain -d www.$domain 2017-03-22 23:09:43 been using it for 4-5 months 2017-03-22 23:25:40 UrbanTerror binary seems that only need one symbol to run on musl.. Can you check out please guys? http://pastebin.com/aX4kwzn6 2017-03-22 23:37:27 I can't get sound to work 2017-03-22 23:37:36 I have alsa-utils installed and selected the correct sound card 2017-03-22 23:37:58 terra - /usr/include/stdlib.h:double strtod (const char *__restrict, char **__restrict); 2017-03-22 23:40:41 BitL0G1c: If you intend to recompile it, I have to notice that UrbanTerror is a blob. 
2017-03-22 23:45:17 it needs to be patched to work with musl - ____STRTOF_INTERNAL is a glibc macro 2017-03-22 23:53:01 luxio: you need to add your user to the audio group 2017-03-22 23:54:13 you can also add the alsa service to save/restore mixer settings between reboots 2017-03-22 23:57:30 avih: Thanks, that worked 2017-03-22 23:57:38 yw 2017-03-22 23:57:54 still trying to figure out how to get xfce to 1920x1080 if anyone has an idea of how to fix that 2017-03-22 23:58:43 no experience with display hw drivers, sorry 2017-03-23 00:00:22 avih: what does xrandr say? is 1920x1080 listed? "*" indicates current resolution. 2017-03-23 00:01:20 terra: my install is in vbox and i typically use forwarded x with it, so i don't mind much about xserver in alpine 2017-03-23 00:02:12 oh, that was for @luxio 2017-03-23 00:03:17 yes :) 2017-03-23 00:03:57 luxio: what does xrandr say? is 1920x1080 listed? "*" indicates current resolution. 2017-03-23 00:04:32 :) in case he/she didn't notice 2017-03-23 00:06:35 terra: xrandr: not found 2017-03-23 00:06:56 apk add xrandr 2017-03-23 00:07:11 "Can't open display" 2017-03-23 00:08:01 aren't you on desktop or X not running?
2017-03-23 00:08:10 Xfce is running terra 2017-03-23 00:08:25 oh, oops 2017-03-23 00:08:27 ran that as root 2017-03-23 00:08:30 ok, give that command as normal user 2017-03-23 00:08:39 Screen 0: minimum 640 x 480, current 1280 x 1024, maximum 1280 x 1024 2017-03-23 00:08:42 default connected 1280x1024+0+0 0mm x 0mm 2017-03-23 00:11:39 go to pastebin.com and paste the contents of /var/log/Xorg.0.log 2017-03-23 00:12:02 and share the link with us 2017-03-23 00:12:31 If your monitor supports 1920x1080, it should have detected by EDID 2017-03-23 00:24:28 terra: http://termbin.com/vx1n 2017-03-23 00:28:10 #3: hsize: 1920 vsize 1080 refresh: 60 vid: 49361 2017-03-23 00:30:08 luxio: apk add xf86-video-nouveau xf86-video-modesetting 2017-03-23 00:30:18 then restart X 2017-03-23 00:36:43 I'm still not getting 1920x1080 2017-03-23 00:36:55 :\ 2017-03-23 00:39:04 have you /etc/X11/xorg.conf ? or you running X without it? 2017-03-23 00:39:36 terra: that is not a file on my system 2017-03-23 00:43:17 luxio: try this: xrandr --output HDMI --mode 1920x1080 ; sleep 30 ; xrandr --auto 2017-03-23 00:43:45 it should return in 30secs if something goes wrong 2017-03-23 00:44:01 terra: I don't use HDMI 2017-03-23 00:44:03 I use VGA 2017-03-23 00:44:15 luxio: try this: xrandr --output VGA1 --mode 1920x1080 ; sleep 30 ; xrandr --auto 2017-03-23 00:44:52 terra: warning: output VGA1 not found; ignoring 2017-03-23 00:45:28 then pastebin "xrandr" command output 2017-03-23 00:45:51 http://termbin.com/6zx6 2017-03-23 00:50:57 luxio: what about removing fbdev video? apk del xf86-video-fbdev 2017-03-23 00:51:16 then restart X of course.
2017-03-23 00:52:44 nope 2017-03-23 00:53:11 oh sorry, you should: apk del xf86-video-vesa 2017-03-23 00:55:36 nope 2017-03-23 00:56:22 if fails again I'll need pastebin of /var/log/Xorg.0.log and "lspci -k" 2017-03-23 00:56:43 it is getting interesting 2017-03-23 00:57:00 to restart X I'm doing "rc-service lxdm stop" 2017-03-23 00:57:03 and then starting it again 2017-03-23 00:57:06 should I not be doing that? 2017-03-23 00:57:11 it is ok 2017-03-23 00:57:30 http://termbin.com/5abg 2017-03-23 00:57:38 http://termbin.com/966y 2017-03-23 01:04:30 luxio: rc-update add hwdrivers boot 2017-03-23 01:04:45 rc-service restart hwdrivers 2017-03-23 01:04:58 then restart X 2017-03-23 01:06:16 nope 2017-03-23 01:07:14 nouveau module must be listed when "lsmod" command given 2017-03-23 01:07:46 nouveau module is not loaded according to lspci -k output 2017-03-23 01:08:12 if not loaded, it must be inconflict with dome other kms module 2017-03-23 01:08:19 *some 2017-03-23 01:09:05 if you add hwdrivers service on boot runlevel, the module must have loaded properly on next reboot 2017-03-23 01:09:41 i mean "rc-update add hwdrivers boot" with no errors 2017-03-23 01:12:07 should I reboot then? 2017-03-23 01:12:30 lsmod|grep nouveau ? 2017-03-23 01:12:50 http://termbin.com/f8cz 2017-03-23 01:12:58 terra: 2017-03-23 01:14:06 apk add xf86-video-intel 2017-03-23 01:14:17 then reboot 2017-03-23 01:14:23 lets see 2017-03-23 01:18:14 still nop 2017-03-23 01:20:03 did you install intel driver? apk add xf86-video-inte 2017-03-23 01:20:05 l 2017-03-23 01:20:30 terra: yes 2017-03-23 01:22:02 Hiya guys. Any rummours when 'sys' install will be fully supported for Rasp ? 2017-03-23 01:27:58 luxio: have you onboard intel graphics? 
2017-03-23 01:28:29 I use a Nvidia GTX 750ti 2017-03-23 01:28:37 your situation is same with this guy: https://forum.alpinelinux.org/comment/849#comment-849 2017-03-23 01:28:38 but yes I also have onboard support 2017-03-23 01:29:34 I couldn't see your intel card on "lspci -k" output. Did you disable it? 2017-03-23 01:30:03 terra: http://termbin.com/1wli 2017-03-23 01:30:07 oh 2017-03-23 01:30:35 terra: I didn't deliberately disable it, no 2017-03-23 01:30:54 brb trying solution 2017-03-23 01:31:49 yeah, still not working 2017-03-23 01:33:47 as expected because nouveau module is not loaded according to your last pastebin 2017-03-23 01:34:48 echo nouveau >> /etc/modules 2017-03-23 01:35:04 then reboot 2017-03-23 01:35:42 also have nvidia+intel but no problem with drivers 2017-03-23 01:37:34 still not working :/ 2017-03-23 01:37:59 lsmod -k and /var/log/Xorg.0.log please :) 2017-03-23 01:38:20 lspci -k 2017-03-23 01:38:22 sorry 2017-03-23 01:38:28 not lsmod 2017-03-23 01:46:06 http://termbin.com/e0q4 2017-03-23 01:46:09 http://termbin.com/cf2y 2017-03-23 01:46:11 terra: 2017-03-23 01:48:11 wfbScreenInit: symbol not found 2017-03-23 01:48:50 you don't seem to have an intel graphics onboard. Are you sure? 2017-03-23 01:49:09 only nvidia visible on lspci output 2017-03-23 01:49:49 apk add pciutils 2017-03-23 01:50:11 lspci -s 02 -v 2017-03-23 01:54:03 btw, nouveau (nvidia) xorg module can't be loaded because "wfbScreenInit: symbol not found" problem. 2017-03-23 01:55:52 try alpine edge 2017-03-23 01:55:59 that has been fixed :) 2017-03-23 01:56:33 :] 2017-03-23 01:57:06 luxio: ^^ 2017-03-23 08:00:40 morning 2017-03-23 08:00:46 fcolista: you about dude? 2017-03-23 08:01:03 ScrumpyJack, yes? 2017-03-23 08:05:52 anyone's firefox broken recently? 2017-03-23 08:06:37 I upgraded several packages and it looks like firefox and chrome now require me add nss 2017-03-23 09:12:21 nikolaosk: what is the exact error message?
2017-03-23 09:16:36 seems like it works for me 2017-03-23 09:35:39 hello 2017-03-23 09:35:46 hi 2017-03-23 09:36:56 I am trying Alpine Linux on a dell d430 to help a friend. Evrything looks good : really fast :-) 2017-03-23 09:37:48 but, I receive an error when I try to install, for example, a browser 2017-03-23 09:38:31 I can't find "midori" 2017-03-23 09:39:19 may be I need to add a n other repo ? 2017-03-23 09:40:59 An other problem from me, the keyboard is qwerty and I need to set it with azerty. Can you explain me how to please ? 2017-03-23 09:41:15 (I have installed xfce4) 2017-03-23 09:50:59 i think you need to add the commity repo for midori 2017-03-23 09:51:08 edit /etc/apk/repositories 2017-03-23 09:51:36 add a line which ends with "community" instead of "main" 2017-03-23 09:52:02 re azerty, in xorg or in console? 2017-03-23 09:52:26 i dont have experience with azerty sorry 2017-03-23 10:02:27 ncopa: i just updated alpine, and nss got updated. now firefox-esr doesn't run with the following error: XPCOMGlueLoad error for file /usr/lib/firefox-45.8.0/libxul.so: 2017-03-23 10:02:27 Error loading shared library libssl3.so: No such file or directory (needed by /usr/lib/firefox-45.8.0/libxul.so) 2017-03-23 10:02:27 [1]+ Exit 255 firefox 2017-03-23 10:02:27 Couldn't load XPCOM. 2017-03-23 10:02:52 is it a one-off dep issue? or is it always susceptible to such issues during deps updates? 2017-03-23 10:03:19 hum 2017-03-23 10:03:23 weird 2017-03-23 10:03:26 it works here 2017-03-23 10:03:32 avih: which mirror do you use? 2017-03-23 10:03:39 oh.. nl.alpine.. 
2017-03-23 10:04:20 can you apk info -R firefox-esr 2017-03-23 10:04:37 see if you have so:libssl3.so 2017-03-23 10:04:39 also 2017-03-23 10:04:45 check what versino of nss you have 2017-03-23 10:04:47 apk version nss 2017-03-23 10:05:04 avih: it seems like there have been some issues with nss 2017-03-23 10:05:08 but i cannot reproduce it 2017-03-23 10:05:10 ncopa: http://pastebin.com/UFU5rt3r 2017-03-23 10:05:12 so i dont know what is wrong 2017-03-23 10:05:30 so:libssl3.so 2017-03-23 10:05:31 and $ apk version nss 2017-03-23 10:05:31 Installed: Available: 2017-03-23 10:05:31 nss-3.28.1-r1 = 3.28.1-r1 2017-03-23 10:05:49 can you apk info -L nss 2017-03-23 10:06:24 http://pastebin.com/trzMYyqM 2017-03-23 10:07:02 avih: what happens if you apk add nss-dev 2017-03-23 10:07:07 will it work then? 2017-03-23 10:07:11 i think i know what happened 2017-03-23 10:07:15 checking. sec 2017-03-23 10:08:10 it also got nspr-dev as dep, and yes, now firefox (esr) works 2017-03-23 10:08:16 ok 2017-03-23 10:08:20 i know what broke it 2017-03-23 10:08:26 thank you! 2017-03-23 10:08:36 fix will come shortly 2017-03-23 10:08:45 yw. so it's a one-off issue? not something which could always heppen during deps updates? 2017-03-23 10:09:00 its a one-off 2017-03-23 10:09:05 k, thx. 2017-03-23 10:14:38 ncopa: sorry, I phoned. I'm going to edit this file. About azerty : xorg and console. 2017-03-23 10:17:52 not sure how to do the azerty thing 2017-03-23 10:21:30 It's ok with community repo, I can install midori 2017-03-23 10:21:50 and it works :-) 2017-03-23 10:22:54 azerty : how to change the default language in xfce ? DDgo is not my friend ;-) 2017-03-23 10:26:02 azerty is like DST, both useless... 2017-03-23 10:26:35 benoist http://lists.busybox.net/pipermail/busybox/2010-August/073080.html 2017-03-23 10:28:56 clandmeter , yGweSm1OzVHe : thx 2017-03-23 10:29:50 benoist, sorry i wasn't really helpful. 
2017-03-23 10:31:05 and for your xorg keymap i'd do an setxkbmap in your .xinitrc 2017-03-23 10:33:59 .xinitrc in ~/$USER/ I guess ? 2017-03-23 10:35:17 I have /home/user/.xsession with "/bin/sh -l ~/.xinitrc" in 2017-03-23 10:35:46 it's a normal x11 install, i don't think there's anything very much alpine specific 2017-03-23 10:39:33 benoist: here's another forum re busybox keymaps https://bbs.archlinux.org/viewtopic.php?id=191064 2017-03-23 10:47:29 thx. I found this http://docs.slackware.com/howtos:window_managers:keyboard_layout_in_xfce 2017-03-23 10:47:55 It's exactly what I did 2017-03-23 10:48:38 the kb layout is set with french only, but the plugin show me the USA flag... 2017-03-23 10:50:53 burn all the flags ;) 2017-03-23 10:51:07 :-) 2017-03-23 10:51:22 but keep the black one ;-) 2017-03-23 10:53:04 in /etc/X11/xorg.conf.d/ ther's just "20-modules.conf". I'm not confortable with X; Can I add xorg.conf ? 2017-03-23 11:02:19 service lxdm stop : azerty is ok 2017-03-23 11:25:41 have a good meal ! 2017-03-23 11:35:18 ncopa: nss/firefox fix confirmed. thanks :) 2017-03-23 11:42:59 something is still broken, build time 2017-03-23 11:43:12 /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lcrmf 2017-03-23 11:43:20 it seems that there is a static lib 2017-03-23 11:48:51 you see this on the build automation logs? i'm guessing if you noticed it locally then you wouldn't have pushed it, right? 2017-03-23 12:30:44 so, it seems to be only in xfce (or X). LANG, LANGUAGE and LC_ALL and correctly exported and an "echo" shows "fr_FR.utf8", as root or user. 2017-03-23 12:34:05 <^7heo> how much of alpine does care about locale btw? 2017-03-23 12:34:19 <^7heo> I would be enclind*ed to say "none" 2017-03-23 12:34:29 <^7heo> but I'm sure some packages do 2017-03-23 12:35:52 I am searching for it... 
2017-03-23 12:35:53 might also be agnostic in itself, and leave it up to packages configs 2017-03-23 12:43:47 1/ adding "export" directives for LANG LANGUAGE and LC_ALL with "fr_FR.utf8" in /etc/xdg/xfce4/xinitrc 2017-03-23 12:44:10 2/ cp -fv /etc/xdg/xfce4/xinitrc ~/.xinitrc 2017-03-23 12:45:40 the applications menu is now in french. The kb layout is qwerty and all strings are in english. 2017-03-23 12:45:52 <^7heo> ncopa: do we actually use the locale? 2017-03-23 12:46:02 <^7heo> benoist: that's what I'm saying 2017-03-23 12:46:20 <^7heo> benoist: your app is coded to honor the locale setting, so it's in French. 2017-03-23 12:46:28 <^7heo> benoist: but the alpine system doesn't have such a setting. 2017-03-23 12:46:39 <^7heo> benoist: you'd have to configure all the different parts by yourself. 2017-03-23 12:47:13 ^7heo: big job... 2017-03-23 12:47:21 <^7heo> benoist: i.e. use setxkbmap for the keyboard. 2017-03-23 12:47:26 <^7heo> for example. 2017-03-23 12:48:06 setxkbmap has no effect. I try it again 2017-03-23 12:48:36 doesn't xfce have a locale/input tray applet? 2017-03-23 12:48:57 yes, but there just en_US 2017-03-23 12:49:01 ^7heo: yes i think glib might use locale 2017-03-23 12:49:20 <^7heo> ncopa: ok :) 2017-03-23 12:49:21 i think we have -lang subpackages with the locales 2017-03-23 12:49:24 benoist: are there locale packages? for xfce or otherwise? 2017-03-23 12:49:30 <^7heo> ncopa: but how much do we use them? 2017-03-23 12:49:51 avih: I don't find it for the moment 2017-03-23 12:50:37 apk search -- -lang 2017-03-23 13:07:09 hello, what's the upgrade system like for Alpine? 
I'm looking for something stable that I can install on a BeagleBone Black 2017-03-23 13:07:28 preferably something that just receives security patches, and nothing else 2017-03-23 13:08:39 I was running Void Linux, but it's rolling release and every now and then things would just fall over (which is not great for a remote system) 2017-03-23 13:08:41 <^7heo> drgibbon: you might want to run from ram 2017-03-23 13:08:50 <^7heo> drgibbon: and flash the system every now and then 2017-03-23 13:08:55 ncopa: I'm going to try it. I did it with "*lang". 2017-03-23 13:10:06 drgibbon: we do stable branches from the rolling branch every 6 months 2017-03-23 13:10:34 ok thanks :) 2017-03-23 13:24:12 guys, is there any rumours when sys install will be officially supported on Raspi? 2017-03-23 13:51:53 I'm trying to install AL remotely, all I have is a disk and the provider supoprts booting in "rescue" mode 2017-03-23 13:53:08 so i dd a custom iso onto the disk and boot off it, it loads my remote apkovl fine and i ssh in 2017-03-23 13:53:53 just scratching my head as to what to do next 2017-03-23 13:55:49 ok, kb layout and ndefault laguage are ok. 2017-03-23 13:56:00 I did the following : 2017-03-23 13:56:10 apk add setupxkbmap; setupxkbmap fr 2017-03-23 13:56:41 adding the last directive in /etc/xdg/xfce4/xinitrc 2017-03-23 13:57:19 now, I can reboot and use xfce in french with azerty. 2017-03-23 14:09:41 can I switch to alpin edge w/o reinstalling? 2017-03-23 14:10:49 oh nevermind i don't think i want to do that 2017-03-23 14:11:27 kaniini: I can't use an nvidia card without alpine edge? 2017-03-23 14:15:39 luxio: yes you can and also switch back - but with some luck 2017-03-23 14:15:48 anything edge is no guarantees 2017-03-23 14:15:53 so it might also burn down 2017-03-23 14:15:55 luxio: fwiw i use a nvidia NVS 510 quite happily with nouveau driver 2017-03-23 14:16:17 what you'll likely want (if you need) is apk-static upgrade --simulate 2017-03-23 14:17:07 ScrumpyJack: How? 
My driver doesn't seem to be loading at all 2017-03-23 14:17:30 21:54 btw, nouveau (nvidia) xorg module can't loaded because "wfbScreenInit: symbol not found" problem. 2017-03-23 14:17:33 21:55 <@kaniini> try alpine edge 2017-03-23 14:17:35 21:55 <@kaniini> that has been fixed :) 2017-03-23 14:17:48 you have xf86-video-nouveau? 2017-03-23 14:18:26 yes 2017-03-23 14:22:59 do lspci -k as root to check what kernel driver is loaded for your nvidia device 2017-03-23 14:23:52 what do you get for Kernel driver in use: 2017-03-23 14:27:30 ScrumpyJack: http://termbin.com/b9yu 2017-03-23 14:30:33 luxio: do `apk update && apk add pciutils` and try again 2017-03-23 14:30:53 ScrumpyJack: http://termbin.com/0eyd 2017-03-23 14:32:01 no driver loaded 2017-03-23 14:32:27 well yeah 2017-03-23 14:32:30 look @ messages above 2017-03-23 14:32:48 so you'll need to load the module 2017-03-23 14:33:09 how? 2017-03-23 14:41:30 can you show us /etc/modules ? 2017-03-23 14:44:47 ScrumpyJack: http://termbin.com/ew5m 2017-03-23 14:45:27 is you card here? https://nouveau.freedesktop.org/wiki/CodeNames/ 2017-03-23 14:46:14 yes 2017-03-23 14:46:16 NV117 2017-03-23 14:46:17 GTX 750 Ti 2017-03-23 14:47:00 ncopa: no wireless card seen. I added wpa_supplicant and wireless-tools before to add b43 to /etc/modules and "modprobe b43". After reboot, b43 is loaded but during the boot wpa_supplicant can't start. Could you give me a way to solve it ? 2017-03-23 14:47:45 I added b43-fwcutter to 2017-03-23 14:48:19 luxio: can you show me the output of lsmod as root 2017-03-23 14:48:50 ScrumpyJack: http://termbin.com/7zuh 2017-03-23 14:49:51 benoist: does dmesg give you any hint? 
2017-03-23 14:50:12 the b43-fwcutter is a tool to extract the firmware from closed source driver 2017-03-23 14:50:27 i used it on one of my older laptops 2017-03-23 14:50:32 but i dont remember the details 2017-03-23 14:50:39 <^7heo> damn 2017-03-23 14:50:40 luxio: you'll need to blacklist i915 2017-03-23 14:50:46 <^7heo> "extract the firmware from closed source driver" 2017-03-23 14:50:50 <^7heo> I wanna cry when I read that. 2017-03-23 14:51:25 ScrumpyJack: How do I do that? 2017-03-23 14:51:41 ncopa: b43 ssb0:0: direct firmawre load for b43/ucode5.fw failed with error -2 2017-03-23 14:51:51 and fex lines more 2017-03-23 14:51:57 *few 2017-03-23 14:52:18 right 2017-03-23 14:52:47 i think you need extract the firmware from some closed source driver using b43-fwcutter 2017-03-23 14:53:05 luxio: dunno. try echo "blacklist i915" >> /etc/modprobe.d/blacklist 2017-03-23 14:54:43 ok. brb 2017-03-23 14:55:30 benoist: http://linuxwireless.org/en/users/Drivers/b43/#Other_distributions_not_mentioned_above 2017-03-23 14:56:18 nope, still isn't working 2017-03-23 14:58:07 benoist: i have an old b43 package somewhere if you like 2017-03-23 14:58:38 ScrumpyJack: why not ? :-) 2017-03-23 14:58:59 st.ilet.to/b43-firmware-4.150.10.5-r0.apk 2017-03-23 14:59:19 luxio: is i915 still loaded? 2017-03-23 15:00:24 ScrumpyJack: How do I check? 
2017-03-23 15:00:26 lsmod 2017-03-23 15:00:31 lsmod |grep i915 2017-03-23 15:00:35 as root 2017-03-23 15:00:55 ScrumpyJack: seems like it yeah 2017-03-23 15:00:58 http://termbin.com/dtek 2017-03-23 15:01:29 luxio: you'll need to figure out how to blacklist on AL, or peraps rename the module to it can't be found 2017-03-23 15:01:32 oh 2017-03-23 15:01:41 there is a b43-firware non-free package 2017-03-23 15:01:58 second solution is not good but you could do it temp to test 2017-03-23 15:03:11 ncopa: i like it that you are still surprised by stuff :) 2017-03-23 15:03:49 :) 2017-03-23 15:04:14 Author: Natanael Copa 2017-03-23 15:04:14 Date: Fri Jul 10 17:41:05 2009 +0000 2017-03-23 15:04:34 the APKBUILD looks broken 2017-03-23 15:05:36 luxio: try echo "mv /etc/modprobe.d/blacklist /etc/modprobe.d/blacklist.conf" 2017-03-23 15:05:47 ScrumpyJack: I had blacklist.conf in the first place 2017-03-23 15:05:52 that's where I added the blacklist line 2017-03-23 15:05:58 ScrumpyJack: how to pas trought the untrusted signature ? 2017-03-23 15:06:10 --allow-untrusted 2017-03-23 15:06:16 inpect the apk first 2017-03-23 15:06:22 inspect even 2017-03-23 15:06:49 of course... --help is my friend; sorry 2017-03-23 15:07:12 luxio: the bottom of this wiki entry shows an example of blacklisting https://wiki.alpinelinux.org/wiki/Xen_PCI_Passthrough 2017-03-23 15:09:04 ScrumpyJack: Yes, that's what I did 2017-03-23 15:09:07 except I used "echo >>" 2017-03-23 15:10:51 luxio if i915 is loaded from initramfs you'll need to run mkinitfs 2017-03-23 15:10:53 ScrumpyJack: better but not enought ;-) 2017-03-23 15:11:07 what happend? 2017-03-23 15:11:33 ScrumpyJack: ok. do I need to mount /boot first? 
2017-03-23 15:11:42 used to have to do that on gentoo 2017-03-23 15:11:49 now, wpa_supplicant can start but failed cause there is not a config file 2017-03-23 15:13:57 benoist: run iwlist wlan0 scanning and find your SSID 2017-03-23 15:14:17 then run wpa_passphrase $SSID > $SSID.conf 2017-03-23 15:14:40 and enter the wifi password after you hit return 2017-03-23 15:15:05 ScrumpyJack: nop. "Network is down 2017-03-23 15:15:06 then pass the config file wpa_supplicant -B -Dwext -iwlan0 -c $SSID.conf 2017-03-23 15:15:12 ip link set wlan0 up 2017-03-23 15:16:02 great ! 2017-03-23 15:16:34 so, now I need to follow the steps described in the wiki I guess 2017-03-23 15:16:47 sure. to do what? 2017-03-23 15:18:24 make my friend's life easier... ;-) 2017-03-23 15:19:17 have you auth'ed with your wifi AP? 2017-03-23 15:20:39 I did mkinitfs and it's still not working 2017-03-23 15:20:53 ScrumpyJack: working progress... 2017-03-23 15:21:14 luxio: i915 still loaded? 2017-03-23 15:22:24 yes ScrumpyJack 2017-03-23 15:22:39 do you see it with ls /lib/modules/`uname -r`/kernel/drivers/gpu/drm/ 2017-03-23 15:23:13 ScrumpyJack: I see a folder there yeah 2017-03-23 15:23:58 like I pasted before though, I don't know if disabling it is a good idea. nouveau couldn't be loaded because of an error. 2017-03-23 15:26:54 yeah, disable it. you can always enable it again 2017-03-23 15:27:45 rename i915.ko to 2017-03-23 15:27:51 _i915.ko or something 2017-03-23 15:28:26 at worst you'll have to boot off a cd-rom 2017-03-23 15:29:50 ScrumpyJack: ok. brb rebooting 2017-03-23 15:31:52 nope still not fixed 2017-03-23 15:39:42 i915 module still loaded? 2017-03-23 15:41:02 ScrumpyJack: nop 2017-03-23 15:41:30 how about nouveau 2017-03-23 15:41:43 yep 2017-03-23 15:43:57 so what's happening now - what are you expecting to see that you're not? 2017-03-23 15:44:22 1920x1080 in xfce 2017-03-23 15:45:25 does lspci show nouveau loaded for your NV card?
2017-03-23 15:46:11 video 28443 1 nouveau 2017-03-23 15:46:46 and lspci confirms that? 2017-03-23 15:47:22 ScrumpyJack: that's a line from lspci 2017-03-23 15:47:49 that's lsmod 2017-03-23 15:47:55 oh 2017-03-23 15:48:39 01:00.0 VGA compatible controller: NVIDIA Corporation GM107 [GeForce GTX 750 Ti] (rev a2) 2017-03-23 15:48:48 grep nouveau says nothing 2017-03-23 15:50:08 can you do lspci -k and show me the output 2017-03-23 15:50:42 ScrumpyJack: http://termbin.com/7y0f 2017-03-23 15:51:46 boo! 2017-03-23 15:52:12 hm? 2017-03-23 15:53:15 well it's not working ... boo 2017-03-23 15:53:42 yeah it fails to load 2017-03-23 15:53:46 i said that a while ago 2017-03-23 16:01:15 It's not completed, but it's better. I need to go to work and I thank you for your help. Have a good time ! :-) 2017-03-23 16:03:03 luxio: i'm out of ideas without being at the screen 2017-03-23 16:05:20 there is probably a way of getting the kernel to use nouveau for that particular device 03:00 2017-03-23 16:08:13 optimus setups are a disaster on linux 2017-03-23 16:08:16 just fyi 2017-03-23 16:10:26 luxio: can i see sudo modinfo nouveau 2017-03-23 16:20:25 kaniini: they really are 2017-03-23 16:22:00 luxio: i have to go but basically you need to find your device in /sys going by your lspci it could be /sys/devices/pci0000\:00/0000\:00\:01.0/subsystem/drivers/nouveau/ 2017-03-23 16:23:41 then bind your device to the nouveau module. you'll see a file called bind in there. 'echo "your_dev_id" > bind' to, well, bind your gfx card 2017-03-23 16:25:04 i mean cd /sys/bus/pci/drivers/nouveau 2017-03-23 16:25:11 and bind 2017-03-23 16:26:50 echo "your_dev_id" > bind 2017-03-23 16:27:29 mine is 0000:05:00.0 - i think yours is 0000:01:00.0 2017-03-23 16:48:38 hi folks 2017-03-23 16:49:49 is there any guide for installing alpine on a zfs root? 2017-03-23 16:49:57 <^7heo> yeah good questoin. 2017-03-23 16:49:59 <^7heo> s/oin/ion/ 2017-03-23 16:53:37 Seems like Alpine is refusing to boot.
What do I add to the boot stanza when using an SD card? 2017-03-23 16:53:55 the kernel line 2017-03-23 16:54:37 <^7heo> Chlorophytus: we'd need a little more info than that. 2017-03-23 16:54:46 <^7heo> i.e. what did you try, and what happened? 2017-03-23 16:55:09 <^7heo> Also, "refusing to boot" is too vague. 2017-03-23 16:55:25 <^7heo> s/Also/i.e./ 2017-03-23 16:55:34 Eh just chainload from GRUB2. Dropped to emergency shell. 2017-03-23 16:56:49 I really shouldn't be chainloading this, I will try the approach where I type in the kernel line myself on EFI Shell. 2017-03-23 16:58:45 <^7heo> ah grub2. 2017-03-23 16:58:48 <^7heo> it's out of my league. 2017-03-23 16:58:59 <^7heo> sorry 2017-03-23 17:01:31 it's k, shouldn't have done it 2017-03-23 17:01:42 well, I shouldn't have 2017-03-23 17:04:39 awesome, i've got it to work :) 2017-03-23 17:05:40 i'll just linger around, this is a good distro. eh. just used to the command line... 2017-03-23 17:20:57 anyone using grmls zsh config? 2017-03-23 18:26:12 hello there 2017-03-23 18:26:20 is systemd supported on alpine? 2017-03-23 18:26:38 no, systemd doesn't support building against musl 2017-03-23 18:26:54 thought so, thanks 2017-03-23 18:27:06 but then why this? https://pkgs.alpinelinux.org/contents?file=&path=%2Fusr%2Flib%2Fsystemd*&name=&branch=edge&repo=&arch=x86_64 2017-03-23 18:27:12 :p 2017-03-23 18:27:34 because some programs link to it 2017-03-23 18:28:01 well 2017-03-23 18:28:15 i don't think services files are needed 2017-03-23 18:28:28 it's probably clutter from upstream that is needed in the case of flatpak 2017-03-23 18:29:20 (probably?) 2017-03-23 18:29:21 oh yes 2017-03-23 18:29:22 idk 2017-03-23 18:29:32 fatpack 2017-03-23 18:44:33 odc: i think if one needs to install an application that links to systemd-specific things then it's a lost case already and trying to minimize it would be a lot work 2017-03-23 18:47:20 darkfader: agreed. I don't care about systemd. 
I just wanted to point out the sloppy work ;) 2017-03-23 18:47:30 :) 2017-03-23 20:51:38 I have a problem I upgraded my vps install of alpine and it ran into an error https://dpaste.de/WkFa and now the ssh session has terminated and won't reconnect 2017-03-23 20:52:07 should be able to just reboot it 2017-03-23 20:52:16 i dont see anything indicating breakage there 2017-03-23 20:52:39 so hard reboot the vps? 2017-03-23 20:52:57 yeah worth a shot 2017-03-23 20:55:31 now it just says failed to connect to host 2017-03-23 21:00:49 hmm 2017-03-23 21:12:23 provisioned a new vps with alpine and the same thing happens once I run apk update and apk upgrade 2017-03-23 21:12:46 I still have 1 active connection to the new vps so what should I do 2017-03-23 21:17:30 <_ikke_> TheXzoron: What version of alpine? 2017-03-23 21:17:39 <_ikke_> latest-stable, ok 2017-03-23 21:17:46 latest-stable 2017-03-23 21:19:40 <_ikke_> So until 3.4, openssl provided that binary, but 3.5+, it's part of ca-certificates 2017-03-23 21:19:52 <_ikke_> (openssl was replaced by libressl 2017-03-23 21:21:02 makes sense since the vps starts out at 3.3 2017-03-23 21:22:17 <_ikke_> So you might need to manually remove openssl 2017-03-23 21:22:23 <_ikke_> but not sure 2017-03-23 21:23:04 <_ikke_> openssl conflicts with ca-certificates, but no conflicts are defined 2017-03-23 21:24:32 <_ikke_> 3.5 does not provide openssl, but apparently it's not removed 2017-03-23 21:25:34 hmm 2017-03-23 21:25:44 ca-certificates needs replaces=openssl 2017-03-23 21:29:14 TheXzoron: i am fixing 3.5 ca-certificates to replace the right thing 2017-03-23 21:29:29 TheXzoron: it should resolve this problem 2017-03-23 21:29:46 16:29 build-3-5-armhf: files from v3.5.2-16-g53ad101cf8 uploaded to main 2017-03-23 21:30:56 kaniini: alright thanks I'll provision a new vps again once that happens as I lost the ability to connect to this one as well :) 2017-03-23 21:31:05 <_ikke_> no remote console?
2017-03-23 21:31:19 yes but apearently it won't let me log in as root 2017-03-23 21:31:42 and I didn't create a user yet 2017-03-23 21:32:14 i do not think scaleway is vps 2017-03-23 21:34:30 what would it be then? 2017-03-23 21:44:47 TheXzoron: iirc it is basically raspberry pi's 2017-03-23 21:45:14 <_ikke_> They have different platforms iirc 2017-03-23 22:04:18 kaniini: what's with ca-certs? 2017-03-23 22:05:20 also looks like let's encrypt server certs can't be verified 2017-03-23 22:06:20 you probably need the full chain (cert + intermediates) 2017-03-23 22:06:52 don't let's enc publish their CAs now? 2017-03-23 22:07:37 ISRG was recently added to mozilla's ca certd, afaik 2017-03-23 22:07:55 thus you need the cross-signed ISRG CA and the LE CA 2017-03-23 22:09:10 ScrumpyJack: upgrade from 3.4 had a conflict 2017-03-23 22:41:31 in home dir, the login shell executes .profile then .ashrc and that's it correct? 2017-03-23 22:43:21 is there a .ash_login or .ash_profile that will get executed if it exists? 2017-03-23 22:43:25 doesn't seem like it 2017-03-23 22:45:29 try strace 2017-03-23 22:52:19 atomi - I just use .profile 2017-03-23 22:53:54 see Files at the end https://linux.die.net/man/1/ash 2017-03-23 23:00:25 hey, could someone tell me what the minimum amount of RAM needed for a sys mode install is? Or the fewest you have gotten away with? 2017-03-23 23:02:06 BitL0G1c, ty sir 2017-03-23 23:49:52 Skele - Alpine with just openssh is 25 meg ram in kvm - if you use tinyssh it would be a little less 2017-03-24 00:04:43 hi I am trying to integrate msmtp with alpine-linux and wordpress who should own the configuration file should it be apache www-data or root and if so what permissions? 2017-03-24 10:32:23 okay, I'm a couple of months late but I'm now basically preparing that single-file secure boot kernel thing I talked about 2017-03-24 10:33:42 so I wanted to have opinions on where people prefer to keep their signing keys for that thing... 
options at this point are either a security token, the file system or possibly some GPG hack 2017-03-24 10:35:15 keeping them unencrypted in the filesystem is probably a very bad idea 2017-03-24 10:46:37 <^7heo> I want to get some physical device 2017-03-24 10:46:43 <^7heo> that has two operation modes 2017-03-24 10:46:53 <^7heo> 1. sign blob 2017-03-24 10:46:58 <^7heo> 2. decrypt blob 2017-03-24 10:47:12 <^7heo> and I want that device to only expose the public key 2017-03-24 10:47:16 <^7heo> so basically 2017-03-24 10:47:20 <^7heo> you have a private key 2017-03-24 10:47:24 <^7heo> IN the device 2017-03-24 10:47:27 <^7heo> generated ONCE 2017-03-24 10:47:42 <^7heo> and it can not leak, it can only be used WITH the device. 2017-03-24 10:48:45 <^7heo> the problem is that this device will have a limit of the size of what it can sign/decrypt 2017-03-24 10:49:17 true, which is why you usually don't use for decryption, mostly just verifying signed hashes (if I understand correctly) 2017-03-24 10:49:18 <^7heo> anything else is pointless imho. 2017-03-24 10:49:30 <^7heo> nah 2017-03-24 10:49:42 <^7heo> you use the public key for both checking the signatures and encrypting. 2017-03-24 10:49:56 there's one little problem with the strategy you suggested though, even though it is sensible 2017-03-24 10:49:57 <^7heo> you use the private key for both signing and decrypting. 2017-03-24 10:50:44 being, if you generate the keys inside a security token and do it properly, in other words so that you can't get the private key written out, then that token becomes a single point of failure 2017-03-24 10:50:55 <^7heo> yeah exactly. 2017-03-24 10:50:57 <^7heo> that's by design. 2017-03-24 10:51:34 <^7heo> the token in question needs actually 4 features, and exactly 4. 2017-03-24 10:52:03 <^7heo> the two I quoted, the one thing I said as "not a feature" which is exposing the public key 2017-03-24 10:52:24 <^7heo> and another one: exporting the revokation certificate once. 
2017-03-24 10:52:49 <^7heo> it's up to you to store it properly. 2017-03-24 10:53:00 mhm, makes sense 2017-03-24 10:53:02 <^7heo> ideally 2017-03-24 10:53:07 <^7heo> there would be 2 tokens 2017-03-24 10:53:12 <^7heo> physical ones 2017-03-24 10:53:23 <^7heo> the one I'm telling about 2017-03-24 10:53:57 <^7heo> and the other one being a write-once revocation-storage 2017-03-24 10:54:11 <^7heo> that you can plug the other token into 2017-03-24 10:54:21 <^7heo> so to generate that revocation storage once and for all. 2017-03-24 10:55:04 <^7heo> so yeha 2017-03-24 10:55:06 <^7heo> yeah* 2017-03-24 10:55:08 <^7heo> that's a device I want. 2017-03-24 11:12:44 you guys are going over the top there 2017-03-24 11:13:06 you're optimizing one security detail 2017-03-24 11:13:20 but it's not the common source of breach 2017-03-24 11:13:56 you will want to run your computer mostly in a booted state, and the real secrets will probably be loaded in ram 2017-03-24 11:14:14 all you can do is not put it on the internet directly 2017-03-24 11:14:35 and physically secure the site (i'm sure you haven't done that :P) 2017-03-24 11:37:46 <^7heo> hiro: yeah but it's not because we can't secure A that we shouldn't secure B. 2017-03-24 11:38:04 <^7heo> sure it won't improve the security for now. 2017-03-24 11:38:12 <^7heo> but it will not hurt. 
2017-03-24 11:41:40 time is limited 2017-03-24 11:41:47 that's how it hurts 2017-03-24 11:42:20 if you do things that have no concretely useful effect you're wasting time better spent on actually useful things 2017-03-24 11:42:36 also it gives everybody around you a wrong sense of importance 2017-03-24 11:43:01 while they might not choose to be distracted by such topics if they aren't even worth it 2017-03-24 11:43:35 and it's not like you're working on one closed, controlled system that will gradually improve, and if not in your lifetime then generations later 2017-03-24 11:44:11 this whole IT bullshit is extremely volatile and there's barely any iterative progress in the last 10 years 2017-03-24 11:46:02 so it has to work and be useful now, or it will never happen. 2017-03-24 11:55:37 <^7heo> I agree with you that it's easier to secure that than secure the RAM of the computers. 2017-03-24 11:56:00 <^7heo> however I want to secure that, we're enough humans that other people would figure out the rest. 2017-03-24 11:58:49 I don't see the problem you describe, hiro, in implementing Secure Boot and managing the keys for it. and naturally it is not the only component providing security. in my use case at least this is a perfectly justifiable thing to do. 2017-03-24 12:06:42 well, it's a waste of time, and in my opinion 2017-03-24 12:06:53 yours will naturally differ :) 2017-03-24 12:07:20 i don't believe in this way of labour division 2017-03-24 12:07:35 let's just say that my use case is untypical 2017-03-24 12:07:45 i don't think anything will work out in the long-term without better prioritization 2017-03-24 12:08:11 TBB: ok. it sounded like you were gonna build a generic solution at first.
2017-03-24 12:09:56 I'm sort of doing that too; the methods for doing Secure Boot are well known but they're not necessarily widely packaged into tool form, and one of the reasons is the question of key management, I guess 2017-03-24 12:15:10 i have an encrypted home dir 2017-03-24 12:15:34 i don't get what people pretend to gain from further fuckery 2017-03-24 12:15:48 in my experience it just makes administration a pain most of all 2017-03-24 12:16:10 and for like security level 2 i just have a *seperate* rarely mounted partition 2017-03-24 12:21:29 FDE is so mom wont find your stash of unicorn anime movies. =) 2017-03-24 12:24:32 no, just bec. of work shit 2017-03-24 12:25:05 fde is useless 2017-03-24 12:26:14 the real test is: do you turn off your laptop when you travel 2017-03-24 12:26:52 if you don't then fde is not just useless but also laughable. 2017-03-24 12:27:15 and worse than my unmounted partition while my computer is in suspend 2017-03-24 12:27:37 less user friendly and at the same time less secure... why! 2017-03-24 12:34:21 hiro: argh 2017-03-24 12:34:40 you act as if it's binary and no other factors apply 2017-03-24 12:34:57 IF i travel to a questional country or have specific data they might want 2017-03-24 12:35:07 THEN I'll turn it off during the travel 2017-03-24 12:35:30 IF it gets stolen by randoms in *any* (on or off) state, FDE is enough 2017-03-24 12:35:50 IF I don't go to a hostile place, encryption doesn't HURT me 2017-03-24 12:36:12 BUT I can't suddenly turn an unencrypted device into an encrypted one, so it needs to be IN PLACE 2017-03-24 12:36:50 it's just 5 years since I needed to FDE a whole team's laptops a week before going to the airport 2017-03-24 12:37:09 back then there was no cpu offload and FDE drives (too) were hard to get 2017-03-24 12:37:36 but it was likely that the dest country we worked for might just wanna have those sources... 
so 2017-03-24 12:38:10 (non military stuff but that isn't enough to be left alone) 2017-03-24 12:39:11 i got secure boot on the mostly-useless list for devices you keep around 2017-03-24 12:39:35 phone base stations etc. all need it (they used trusted grub years ago) 2017-03-24 12:41:02 I don't know how useless it is really. when you harden a laptop you block booting from external sources, so one attack is to change the kernel and/or the initramfs. secure boot mitigates that somewhat, although arguably you can always just reset the firmware 2017-03-24 12:48:46 but since I'm a big believer in layered security... why not 2017-03-24 12:51:42 TBB: ack, i suppose if i play with TPM at some point i'll make more use of all that 2017-03-24 13:21:35 13:36 darkf BUT I can't suddenly turn an unencrypted device into an encrypted one, so it needs to be IN PLACE 2017-03-24 13:21:36 granted 2017-03-24 13:23:34 it's the first good argument for encrypting non-important data i've heard, but it does convince me immediately :) 2017-03-24 13:23:58 i do know it is a fucking hassle to change from an encrypted drive to a non-encrypted. 2017-03-24 13:24:06 so yes, the opposite should be the same. 2017-03-24 13:24:53 i'm a big believer in trying to keep the layers down to the bare minimum possible. 2017-03-24 13:24:58 because of complexity 2017-03-24 13:25:57 plainly i'm not clever enough to understand too many complex layers. 
2017-03-24 14:20:36 hiro: your "secure stage" mount is a super practical thing 2017-03-24 14:21:34 i like file-backed most for that because then i can make sure my backup only includes the encrypted thing and not the mounted versiob 2017-03-24 14:21:45 which is the big fallacy with FDE in my case 2017-03-24 14:22:08 unless i start encrypting my backup server and having a smart card to unlock a restore 2017-03-24 14:22:34 which would be totally fine if i had nothing else do in my life :( 2017-03-24 14:27:02 <^7heo> < hiro> it's the first good argument for encrypting non-important data i've heard, but it does convince me immediately :) 2017-03-24 14:28:07 <^7heo> I thought it was self-explanatory 2017-03-24 14:28:23 there are many wrong arguments claimed all the time about this topic 2017-03-24 14:28:44 i often have conversations with non-tech people who ask me why i don't use fde 2017-03-24 14:29:04 cause *sadly* they found out it exists and wasting their time with it now... 2017-03-24 14:29:14 can't even help them back up their systems any more :D 2017-03-24 14:29:21 or recover their deleted files. 2017-03-24 14:29:46 i think with a very structured OS like Nix you couldn't even make that argument because then it'd be "copy data, flip two lines of system config, copy back" 2017-03-24 14:29:59 but for the non-cool OS, it's a f**** hassle 2017-03-24 14:30:01 darkfader: with file-baacked you mean you mount raw images? 2017-03-24 14:30:19 hiro: yeah, where you loop-mount them or so 2017-03-24 14:30:28 or truecrype when it was still around 2017-03-24 14:30:38 ah, typos ftw. i'll go have lunch :) 2017-03-24 14:30:47 i am *having* lunch right now :D 2017-03-24 14:31:03 lots of rice on the keyboard, no excuse 2017-03-24 14:31:58 i was thinking of using qcow2, but you can't directly mount them without that qemu nbd stuff, and it makes me wonder how stable it will be... 2017-03-24 14:32:20 it's just not common enough for me to feel like i should trust it for *important* data. 
2017-03-24 14:32:58 but for backups i should probably move from a partition to a sparse img like you propose. 2017-03-24 14:33:11 if only sparse images were better supported by rsync and the like! 2017-03-24 14:33:20 it's all very ugly to use. 2017-03-24 15:24:29 anyone know of any hosting providers that offer alpine-linux as an option? 2017-03-24 15:24:55 looking at linode and digitalocean it doesnt appear they support it 2017-03-24 15:25:03 bb soon to see replies 2017-03-24 15:27:57 thanks in advance 2017-03-24 15:31:29 transhuman_: scaleway 2017-03-24 15:34:41 <^7heo> transhuman_: vultr allow to use any iso to setup your syste, 2017-03-24 15:34:43 <^7heo> system 2017-03-24 15:49:36 vultr actually has the alpine 64-bit iso included in their ISO library now 2017-03-24 15:49:47 though you can still add your own version if you like 2017-03-24 15:52:37 :-) 2017-03-24 15:52:55 do they show hashes on the ones in their library? 2017-03-24 15:53:13 obviously you can't check it yourself but it would be nice to know they claim it's the same as the official one 2017-03-24 15:53:30 i usually don't trust hosting providers to be providing the unmodified distros 2017-03-24 15:54:07 because they often have wacky stuff like scripts to import ssh keys from the hosting panel and other things that could impact security or functionality 2017-03-24 16:05:29 <^7heo> some however clearly indicate that if you don't run the standard ones they built 2017-03-24 16:05:39 <^7heo> you'll have no support for integration 2017-03-24 16:23:29 transhuman_: i recommend ramnode's kvm option 2017-03-24 16:31:31 thanks hiro 2017-03-24 17:40:41 thanks scadu ^7heo 2017-03-24 17:41:08 transhuman_: scaleway seems to be pretty transparent. see their github. 2017-03-24 18:32:48 scadu: thanks and question for you it says flexible ipv4 address is that another way of saying dynamic? 2017-03-24 18:34:57 transhuman_: from their site: "To reinstall your server, simply delete your existing server. 
When you delete your server, your flexible IP address is kept in your account and you can spawn a new server with the same IP address." 2017-03-24 18:35:10 transhuman_: not sure if the answer satisfies you. 2017-03-24 18:36:39 well, it doesn't answer the question but I guess if it never changes then it would be a static IP address in function rather than by whatever internet organization would refer to as static 2017-03-24 18:36:44 good enough thanks 2017-03-24 19:06:34 is there a way to increase the size of the ramdisk allocated for / so I can install more packages? 2017-03-24 19:09:16 looking at /usr/share/mkinitfs/initramfs-init, maybe it's root_size 2017-03-24 19:09:53 or rootflags=size=... 2017-03-24 19:11:02 I wonder where the default size is defined... 2017-03-24 19:12:01 ahills, why do you assume it's limited size? 2017-03-24 19:12:10 normally tmpfs is unlimited unless you provide a limit 2017-03-24 19:12:12 dalias: because I run out of space trying to install packages :) 2017-03-24 19:12:25 so, you mean it's hitting a RAM limit? 2017-03-24 19:13:28 not sure 2017-03-24 19:13:32 ahills: do a df and a free and see what you have. 2017-03-24 19:14:22 I hit that spinning up a vm. 2017-03-24 19:14:33 TemptorSent: Mem: 998 742 255 (total/used/free MiB), df shows 499.0M 457.2M 41.9M 92% / 2017-03-24 19:14:48 so, as per man 5 tmpfs, it's set to half available RAM 2017-03-24 19:15:26 dalias: should the tmpfs at / be growing? 2017-03-24 19:16:28 oh I see, you can only specify an upper limit 2017-03-24 19:16:35 tmpfs doesn't have a fixed size 2017-03-24 19:16:43 this is not 1995 with ramdisk block devices 2017-03-24 19:17:04 tmpfs is just normal vfs with no on-disk-fs backing behind it 2017-03-24 19:17:06 I did not have ramdisk block devices in 1995 2017-03-24 19:17:14 :) 2017-03-24 19:17:19 Sorry about that, found an illegal instruction somehow? 2017-03-24 19:17:23 i mean it's not the design from decades ago 2017-03-24 19:17:45 tmpfs will back to swap IIRC? 
2017-03-24 19:17:58 yeah it can get swapped out 2017-03-24 19:18:03 having now read /usr/share/mkinitfs/initramfs-init and tmpfs(5), I think I have my answer 2017-03-24 19:18:08 time to try it 2017-03-24 19:18:20 i don't think the initramfs is relevant 2017-03-24 19:18:25 ahills: Yeah, working on rewriting initramfs-init as we speak. 2017-03-24 19:18:26 is not the initramfs 2017-03-24 19:18:29 is it? 2017-03-24 19:18:44 i thought a new tmpfs was mounted after the initramfs phase of booting 2017-03-24 19:18:45 dalias: Yes, that's what sets up the tmpfs 2017-03-24 19:18:59 dalias: no, I read that to figure out if there's a way to specify the size of the tmpfs, found out that I can specify the upper limit, and increase it beyond the default of half available RAM 2017-03-24 19:19:02 dalias: It will take options from the sysroot/etc/fstab 2017-03-24 19:19:41 or, in the case of this system, it will take them from the kernel command line 2017-03-24 19:19:56 ahills: Yes, you can specify the rootflags=size=$size 2017-03-24 19:20:29 I'm about to remove the obsolete root_size option. 2017-03-24 19:20:44 which wiki document would this most belong in? 2017-03-24 19:20:49 I'll add it in a minute 2017-03-24 19:21:05 I spent too long searching for this before remembering alpine source code is easy to read 2017-03-24 19:21:12 ahills: Good question -- I haven't even tried to figure out where it is currently documented. 2017-03-24 19:21:17 it is not 2017-03-24 19:21:21 is the answer 2017-03-24 19:21:33 ahills: mkinitfs-init is easy to read? 2017-03-24 19:21:33 well, unless you count source as documentation 2017-03-24 19:21:37 right 2017-03-24 19:21:58 well, I think it is... alpine scripts are where I learned to write well-formed sh 2017-03-24 19:22:27 ahills: Are you up to help with documenting the new mkimage/mkinitfs system by chance? 2017-03-24 19:24:00 TemptorSent: maybe? is it live already? 
2017-03-24 19:24:04 ahills: There is now a rather more complete profile system as well as modular feature system for the fs. 2017-03-24 19:24:10 nice! 2017-03-24 19:24:47 well, I'm just about to install alpine on another laptop, so now's a good time to use it 2017-03-24 19:24:54 ahills: Not quite live yet, my work branch (which will end up in its own repo) is at https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage 2017-03-24 19:26:23 TemptorSent: does it work? 2017-03-24 19:26:27 ahills: Please take a poke at it and let me know what breaks. The minimum to pass it is --profile and one of the repo options ( --repository-file /etc/apk/repositories works ) 2017-03-24 19:27:15 ahills: I've been testing mostly using the virt image in qemu, and unless I fubard somethign recently, it was building and running successfully. 2017-03-24 19:27:59 why is github making it difficult to see the diff... 2017-03-24 19:28:04 ahills: It also should be able to cross-build to other platforms, but I currently can't test it on my system because of a bug in apk that causes it to puke. 2017-03-24 19:28:28 ahills: Dunno, although there's not much of the original left to see :) 2017-03-24 19:29:02 fair enough 2017-03-24 19:29:25 You should be able to do the 'compare' and see the history. 2017-03-24 19:32:56 ahills: mkinitfs has been encapsulated in initfs/plugin-mkinitfs.sh 2017-03-24 19:34:38 ahills: The actual implementation was largely retained, but the whole of the outer logic was axed and a compatibility wrapper added. 2017-03-24 19:36:14 ahills: That is where the integration with the new init will be added, probably using the same code as the files/modules do now and apks will soon. 2017-03-24 19:36:37 ahills: The rest of it should be pretty well documented :) 2017-03-24 19:45:51 ahills: If any names / options need to be changed, now is the time to do it, not after the 3.6 release. 
2017-03-24 19:47:08 ahills: I skeld out the docs needed in the TODO, I just haven't had time to start writing them yet, I want to get feature-complete and tested worse than I want to get nicely documented at the immediate moment. 2017-03-24 19:49:18 Anyway, I'm heading out for the day in a little bit, so let me know what you find and I'll attack it when I get back. 2017-03-24 19:52:52 TemptorSent: will do 2017-03-25 14:13:52 hi! getting an error with nslookup I have never gotten before. some addresses including local machine return nslookup error nslookup: can't resolve '(null)': Name does not resolve... anyone have an idea what might be the cause 2017-03-25 14:15:03 whereas if I specify nslookup sample.com 8.8.8.8 it resolves or sample.com 192.168.1.1 it resolves 2017-03-25 15:33:22 hello! While I have used Alpine with docker a bunch, I am new to installing Alpine. I am following the EC2 guide - http://wiki.alpinelinux.org/wiki/Install_Alpine_on_Amazon_EC2 - and I'm confused about "Create an amazon.apkovl.tar.gz file to put on the target" - how is this created? 2017-03-25 15:39:11 in https://gist.github.com/kennwhite/d89174749ce468f7c455 I see mention of `lbu`, but I don't see this utility in the docker image. 2017-03-25 15:40:21 is there an APK package that has `lbu`? 2017-03-25 15:41:50 piepy, it comes frmo alpine-conf 2017-03-25 15:42:05 ah yes, I just found https://github.com/alpinelinux/alpine-conf 2017-03-25 15:42:21 alpine-base depends on it, so you normally should get it 2017-03-25 15:42:34 if you are doing minimal setup using your own top level deps without alpine-base, then it might be missing 2017-03-25 15:42:43 normally we assume 'alpine-base' is installed 2017-03-25 15:42:45 but I guess it doesn't really make sense to put it in the alpine docker image 2017-03-25 15:42:55 not really 2017-03-25 15:43:06 is `lbu` the best way to create the apkovl? 
2017-03-25 15:43:25 that's the current standard way to do it from running system 2017-03-25 15:43:34 the image builder creates it manually, though 2017-03-25 15:43:51 the ISO image builder? 2017-03-25 15:43:52 lbu uses apk to construct the list of files to store 2017-03-25 15:43:55 yes, the iso image builder 2017-03-25 15:44:20 OK, I can probably look up the scripts used in that builder. I will give `lbu` a shot first 2017-03-25 15:44:41 apkovl is currently just a .tar.gz containing the changed files 2017-03-25 15:45:04 I don't see an existing EC2 image for alpine, so I am working on using packer to auto-build one 2017-03-25 15:45:49 previously I built only private images. there's been discussion on providing public EC2 images, but not sure where that is currently 2017-03-25 15:46:04 yea, that's understandable 2017-03-25 15:46:25 if I'm successful, I'll share my work and see if it's helpful to the project 2017-03-25 15:46:28 thanks for the info, I'll see if I can create the apkovl from here 2017-03-25 15:46:58 What exactly would be needed for the image? 2017-03-25 15:48:50 TemptorSent: http://wiki.alpinelinux.org/wiki/Install_Alpine_on_Amazon_EC2 ? 2017-03-25 15:49:14 there are a few details EC2 wants to see (SSH/networking, mostly, I think) 2017-03-25 15:51:04 piepy: Do you happen to know more about what's needed in terms of kernel/modules? I've already taught my branch of mkimage to autogenerate SSH keys for images. 2017-03-25 15:51:26 I don't, I'm feeling my way around the dark here 2017-03-25 15:52:08 I'm not sure how it will go, though I hope to have a minimal image as a container base that boots fast and is more enjoyable to use than coreos 2017-03-25 15:52:41 piepy: Okay, I have the virt-profile pared down to almost nothign and happy under qemu, but EC2 is on Xen, right? 2017-03-25 15:53:37 piepy: Can you pop into a coreos image and get the list of required modules perhaps? 
2017-03-25 15:54:04 (Running requirements) 2017-03-25 15:58:00 piepy: You can take a look at https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage and give it a try if you like. Minimal invocation is ./mkimage --repository-file /etc/apk/repositories --profile virt' You also probably want to set --workdir and --outdir to somewhere. 2017-03-25 15:59:01 TemptorSent: yes, EC2 is Xen. I am starting with the Xen ISO image 2017-03-25 15:59:29 TemptorSent: what does mkimage do? build an ISO? 2017-03-25 15:59:55 piepy: virt currently has just the virtio drivers and not much else, so you may need to add the initfs feature virt-guest-compat. 2017-03-25 16:00:21 I ought to be able to load up a CoreOS image and check the modules in a bit, sure. I first want to get my apkovl file integrated and run packer at least once. 2017-03-25 16:00:23 piepy: Yes, it builds iso (and tarballs, or whatever you want really) 2017-03-25 16:00:34 cool 2017-03-25 16:01:00 piepy: It looks like the wiki page is a full major version and then some out of date, so you may find things don't quite line up. 2017-03-25 16:01:40 piepy: It also has features that you can use to autogenerate ssh keypairs, autostart dhcp, postgres, etc. 2017-03-25 16:02:40 piepy: So no lbu step should be needed -- you can write one-off profiles in your ~/.mkimage directory for your exact configuration, including writing what you want added to the overlay. 2017-03-25 16:03:11 piepy: I'm working on cleaning up the overlay system somewhat, as well as a rewrite of the initramfs init system. 2017-03-25 16:05:26 ATM I just want to see an Alpine boot on EC2 :) 2017-03-25 16:05:37 I'll get deeper into this once I have that working 2017-03-25 16:12:02 piepy: Given the right modules, you should be able to just drop the image in and run.
2017-03-25 16:12:34 I'm not sure what you mean by "drop the image in and run" 2017-03-25 16:13:22 piepy: You shouldn't need to do any of the setup steps other than getting it to boot. 2017-03-25 16:13:47 setting dhcp, sshd, keys, etc. 2017-03-25 16:14:07 I don't want to have to build an ISO to then build the EC2 AMI. I want to "run one thing" that ends up with an AMI. 2017-03-25 16:14:33 building an ISO means hosting it too 2017-03-25 16:15:04 If there was an ISO for EC2, I'd use that, but then alpine might as well build an AMI as well 2017-03-25 16:15:12 piepy: Right, that's why I'd like to add direct output for AMI :) 2017-03-25 16:15:30 piepy: I just need to know what it requires. 2017-03-25 16:15:50 I'll hang around here a bit and let you know how my experiment goes :) 2017-03-25 16:16:11 piepy: It should just be a matter of adding the proper definition for the imagetype and whatever it needs to package it properly. 2017-03-25 16:19:12 piepy: It looks like Amazon makes it hard to build an EBS image without being on their service. 2017-03-25 16:21:18 piepy: I wonder if the instance store is more sane... 2017-03-25 16:22:59 yea, you would need an account to create an AMI (you have to run an instance, create the AMI from the instance, and then that AMI is stored on S3, which costs $) 2017-03-25 16:23:18 you can probably build the AMI on the free tier, but storage on S3 is $ 2017-03-25 16:23:50 piepy: Yeah, trying to figure out what would be needed to just drop into an AMI and bundle at least. 2017-03-25 16:24:23 "drop into an AMI" == "run an instance using an AMI" 2017-03-25 16:24:50 does alpine use /etc/network/interfaces? 2017-03-25 16:25:24 Yes, it does. 2017-03-25 16:26:55 ah yes, found the helpful page in the wiki 2017-03-25 16:27:07 piepy: Can you download your image from AWS and inspect it? 2017-03-25 16:28:00 um.. not really.
You could build an OVA and _import_ it into AWS, but I guess that wouldn't really help you 2017-03-25 16:28:50 piepy: I'm trying to figure out how to dump in at least the full FS image so you could start an instance and import with a couple commands. 2017-03-25 16:29:20 Can you mount a file as a device? 2017-03-25 16:33:10 TemptorSent: mount a file as a device? like an ISO as a loopback? yes 2017-03-25 16:34:50 piepy: ISO would work I suppose, but something like a squashfs would be nice :) 2017-03-25 16:35:34 piepy: Something that can be used to bootstrap the build process anyway. 2017-03-25 16:35:37 I'm not sure what isn't clear.. EC2 is Xen, you can run Linux/BSD/etc on it - if you run linux, it's just like linux elsewhere 2017-03-25 16:35:47 I'm bootstrapping my build on ubuntu 2017-03-25 16:35:56 piepy: Right, I mean what you can mount to amazon as a EBS 2017-03-25 16:36:36 piepy: I'm seeing ephemeral and EBS. 2017-03-25 16:36:56 EBS is just a way to create/attach a volume, just like a HD 2017-03-25 16:37:35 piepy: Exactly, if you could import such a volume directly, all that would be missing is the aws bundling I believe. 2017-03-25 16:38:23 piepy: I'm looking at EFS right now, which might be an option. 2017-03-25 16:38:51 EFS == NFS, I don't see how that would help 2017-03-25 16:39:01 piepy: NFS root :) 2017-03-25 16:39:55 piepy: Then an iso can be used to bootstrap and all config be stored on the EFS. 2017-03-25 16:42:48 why would that be necessary? 2017-03-25 16:43:48 piepy: So we could generate a single iso image to then create any number of configured instances once it's bootstrapped. 2017-03-25 16:45:40 Ahh, it looks like the old ec2-ami-tools will allow importing! 2017-03-25 16:49:13 Or you can register an image stored in s3 storage somehow, although it's not entirely clear on WHAT kind of image. 2017-03-25 16:50:14 Does it want a raw block device? A device partitioned using BIOS disk labels? EFI?
2017-03-25 16:51:43 Basically, what does their environment need for an image to be BOOTABLE? 2017-03-25 16:57:04 piepy: Basically, with enough information about what the image format and boot parameters, I should be able to spit out either a complete image or a tarball ready to be extracted to a EBS device inside a running instance that could then be turned into its own EBS image. 2017-03-25 17:06:28 TemptorSent: yes, if you build an ISO that's fit for AWS, that's better than the current process 2017-03-25 17:31:26 piepy: That's what I'm shooting for. 2017-03-25 17:44:52 is `lbu` aware of packages? eg, could I say "ensure you backup all pkg that were installed", or do I need to explicitly add/include each file for each package? 2017-03-25 17:48:33 piepy, yes, it stores etc/apk/world, and apk restore the packages on tmpfs boot; apk cache needs to be enabled for that 2017-03-25 17:55:21 ah, ok.. so if I install a package with `apk add foo`, the foo package would be restored, but if I use `apk add --no-cache foo`, I don't get that. 2017-03-25 17:56:46 fabled: Would you see any problem with sending ALL init output to /dev/kmsg and eliminating the rest of the mess with quiet? 2017-03-25 17:57:55 fabled: Then just toggling dmesg with the quiet flag (or setting it to ERR) and running dmesg on error when we start a recovery shell? 2017-03-25 18:10:07 fabled: Implemented with a wrapper like "run() { $@ > /dev/kmod 2>&1 || handle_error ; } 2017-03-25 18:12:35 fabled: Hmm, I may have lied, log may need to be a function because kmsg (oops, not kmod!) wants ' msg' 2017-03-25 18:53:46 fabled: Solved -- twiddle the /proc/sys/kernel/printk values instead :) 2017-03-25 19:42:09 Hey guys, I have a vagrant box - atlas.hashicorp.com/hypoalex/boxes/alpine - that I built using https://github.com/hypoalex/packer-templates/tree/master/alpine and it's failing to mount the vboxsf filesystem, the mount command doesn't return any errors. Any idea what I'm missing here?
2017-03-25 19:44:26 https://github.com/hypoalex/packer-templates/blob/master/alpine/scripts/05virtualbox.sh#L6-#L10 - It's loading and detecting the guest additions when I do a `vagrant up` 2017-03-25 19:56:19 hi! getting an error with nslookup I have never gotten before. some addresses including local machine return nslookup error nslookup: can't resolve '(null)': Name 2017-03-25 19:56:29 does not resolve... anyone have an idea what might be the cause 2017-03-25 19:56:36 whereas if I specify nslookup sample.com 8.8.8.8 it resolves or sample.com 192.168.1.1 it resolves 2017-03-25 20:01:09 How does Alpine stack up against container distros like CoreOS? I'm considering slim distros to run Kubernetes. Anyone have experience with Kubernetes and Alpine? 2017-03-25 20:06:45 <_ikke_> alpine is not specifically a container OS, it's just very small 2017-03-25 20:08:10 atmoz: I haven't yet run kube ON alpine (though I'm working towards getting there), but I have run coreos a bunch (as a host on EC2), as well as alpine as a docker container. I would like to run alpine on EC2 to run kube/nomad on it, primarily b/c I want a minimal base OS that is also easy to admin and work with. I'm tired of Ubuntu, and I'm super annoyed by coreos making admin difficult (no package manager, forces you to build/ 2017-03-25 20:10:29 piepy: i'd be interested in collaborating for kube on alpine, do you have package build files defined yet? 2017-03-25 20:11:35 I'm currently working on automating a build for the EC2 image - haven't gotten to the part where I "run Alpine on AWS" 2017-03-25 20:11:39 piepy: Is it possible to download your image from the s3 storage? 2017-03-25 20:12:06 piepy: A little forensics and we should be able to spit one out. 2017-03-25 20:12:09 I haven't yet gotten packer to build, still futzing with it (but almost there) 2017-03-25 20:12:19 gotcha 2017-03-25 20:12:54 I'm still trying to figure out what the initfs-init really needs and doesn't, as well as giving real logging. 
2017-03-25 20:59:28 anyone know what package provides nslookup is it net-tools or something 2017-03-25 21:14:46 TemptorSent: I am able to build and run an AMI, but I haven't yet gotten it to stay running - there are some AWS requirements I must be missing (AWS wants to be able to write SSH key and some other stuff) 2017-03-25 22:10:22 transhuman_: bind-tools 2017-03-25 22:20:15 piepy: Hmm, how does it go about writing the ssh keys? 2017-03-25 22:24:12 thanks kahiru 2017-03-25 23:22:44 TemptorSent: IDK, need to do some more research, I'll dig in some more and report back when I have results 2017-03-25 23:28:07 piepy: Sounds good. 2017-03-26 01:25:01 hi 2017-03-26 01:25:06 who is behind alpine 2017-03-26 01:25:12 there is no info on the site 2017-03-26 01:27:43 nm 2017-03-26 01:27:45 i see 2017-03-26 05:22:32 Are there any complications to running edge on a run from RAM install? 2017-03-26 11:05:45 saintdev: I'm not aware of any 2017-03-26 11:05:56 btw does anyone succeeded in running alpine on odroid c2? 2017-03-26 11:06:05 s/does/has 2017-03-26 13:59:23 Hey, how do I install the musl gcc wrapper? I thought that this is going to be easy as alpine is using musl. 2017-03-26 14:14:12 rokf : musl gcc wrapper is for cross compiling (from a glibc/uclibc) I believe. and it does not come in default Alpine as Alpine runs on musl 2017-03-26 14:14:14 rokf : http://wiki.musl-libc.org/wiki/Getting_started#Using_the_musl-gcc_wrapper 2017-03-26 14:26:21 tmh1999: thank you 2017-03-26 14:28:56 indeed there's no reason to use it if the native libc is musl 2017-03-26 14:30:15 ohh, so I just use gcc and it will use musl in the back? 
2017-03-26 14:33:35 yes 2017-03-26 14:48:54 Hi getting the following error http://sprunge.us/IPje these are my hosts file http://sprunge.us/KaUY and my apache2.conf file http://sprunge.us/fAdM thanks in advance for any help ( as you can see I am using the ServerName directive) 2017-03-26 14:52:12 transhuman_ : This is more like apache configuration than an Alpine thing 2017-03-26 15:23:51 ok tmh1999 2017-03-26 15:23:53 thanks 2017-03-26 16:08:36 Someone did already use Dancer2 webapp on Alpine container? The compilation of the Perl module failed because EXTERN.h file is missing… I'm wondering where to find it. 2017-03-26 16:13:04 Ok, I found it in perl-dev apk. ^^" 2017-03-26 18:28:38 Does Alpine work ok with EFI? 2017-03-26 18:29:43 depends how you define that. 2017-03-26 18:30:24 we currently don't provide an efi bootloader, so you will have to create that yourself. 2017-03-26 18:30:42 once you do, it will boot just fine :) 2017-03-26 18:32:02 Linux (the kernel) provides EFI support which iirc is turned on for the kernel that comes with alpine 2017-03-26 18:32:35 EFISTUB or EFI_STUB 2017-03-26 18:33:10 clandmeter: hopefully you don't mean create a bootloader from scratch ;) 2017-03-26 18:34:32 https://bugs.alpinelinux.org/issues/5191 2017-03-26 18:34:43 efi stub does not support initramfs 2017-03-26 18:34:51 so you will need a proper bootloader 2017-03-26 18:35:25 that's a bummer :/ 2017-03-26 18:35:35 not sure how users define proper, but grub seems to be the only multi arch bootloader. 2017-03-26 18:36:03 if you want it just for x86_64 you can check our wiki 2017-03-26 18:36:32 we are planning to add efi support in next release. 2017-03-26 18:36:35 3.6 2017-03-26 18:37:24 there's refind http://www.rodsbooks.com/refind/ 2017-03-26 18:37:40 apart from the software the pages provide a lot of info 2017-03-26 18:37:47 good luck with that 2017-03-26 18:38:03 though not in a very tidy manner, links are scattered all over the place 2017-03-26 18:39:40 Argh.
Any ETA on 3.6, then? I'm going to replace a soon-to-be-EOL Ubuntu 12.04 install on my home server. 2017-03-26 18:39:41 we have gummiboot 2017-03-26 18:39:54 isn't gummiboot now part of systemd? 2017-03-26 18:40:03 it is 2017-03-26 18:40:12 but we have it in our repo before it got merged in 2017-03-26 18:40:29 but as i said, it has limited arch support. 2017-03-26 18:41:01 for instance, it builds for aarch64 with patches, but doesn't want to boot in my environment. 2017-03-26 18:41:22 WTF? Systemd now includes a bootloader?! 2017-03-26 18:41:43 yes for a long time 2017-03-26 18:41:47 it's a logical next step 2017-03-26 18:41:55 but you still need apk to fetch coffee 2017-03-26 18:42:08 "apk fetch coffee" 2017-03-26 18:42:10 i was not disappointed 2017-03-26 18:42:18 :) 2017-03-26 18:42:39 systemd should implement features like that :) 2017-03-26 18:44:11 shodan45, if your arch is x86_64 you can try gummiboot (check our wiki). 2017-03-26 18:45:10 that's the only reference I get https://wiki.alpinelinux.org/wiki/Create_UEFI_boot_USB 2017-03-26 18:45:45 it doesn't matter, usb or any other block device. 2017-03-26 18:45:51 right 2017-03-26 18:46:12 we already assume you know what you are doing when you are in this channel :) 2017-03-26 19:09:50 What do we need in the initramfs to cleanly support multiarch EFI booting? 2017-03-26 19:21:33 hm 2017-03-26 19:22:04 is xf86-video-mach64 still broken? it was marked broken in 2011 but it never went back to working status 2017-03-26 19:22:49 it along with the DRI doesn't seem to be packaged at all 2017-03-27 01:29:07 kahiru: Not sure about that but probably it works with the aarch64 image. 2017-03-27 06:35:29 pickfire: I'd be quite surprised if the aarch64 image worked as-is 2017-03-27 06:36:39 kahiru: Not sure, haven't tried alpine on c2, just tried alarm. 2017-03-27 06:37:00 'evening pickfire. 2017-03-27 06:37:01 Tried alpine on rpi 3 as well.
2017-03-27 06:37:07 TemptorSent: Hi 2017-03-27 06:37:13 pickfire: I'm running alarm there atm. but meh 2017-03-27 06:37:16 it just isn't alpine 2017-03-27 06:37:19 How'd the rpi3 go? 2017-03-27 06:37:22 TemptorSent: Evening. 2017-03-27 06:37:33 TemptorSent: Nice and easy. 2017-03-27 06:37:57 kahiru: Alarm is nice for arm devices, they provides optimized builds. 2017-03-27 06:38:19 TemptorSent: Just the part for setting up is a bit complicated. 2017-03-27 06:38:26 pickfire: It'd be nice if we could use it in aarch64 mode, but I guess we still don't have 64bit support from the upstream for the blobs/drivers aside from bootloading. 2017-03-27 06:38:43 pickfire: What'd you have to do? 2017-03-27 06:39:26 I mean need to do some reading to setup the sys mode. 2017-03-27 06:39:44 Because it can't be setuped just like that. 2017-03-27 06:40:08 TemptorSent: Sorry that I haven't been sending much patches to alpine dev since I was a bit busy. 2017-03-27 06:40:12 pickfire: Hmm, ideally we could just drop it in and it boot. 2017-03-27 06:40:28 Yeah, it boots. 2017-03-27 06:40:38 pickfire: No problem, I got sidetracked somewhat analyzing the boot process while trying to clean up init. 2017-03-27 06:40:52 In data mode IICC or something similar. 2017-03-27 06:41:11 IIRC* 2017-03-27 06:41:20 We have no way of verifying our boot artifacts (kernel, initramfs, modules) once they're made currently. 2017-03-27 06:41:50 pickfire: Hmm, so the bootloader isn't picking up the options properly? 2017-03-27 06:41:59 TemptorSent: No 2017-03-27 06:42:02 pickfire: I know it's funky, but I didn't look at the details. 2017-03-27 06:42:20 setup-disk can't switch to sys mode for rpi 2017-03-27 06:42:40 Oh, yeah -- setup-disk is a 3 trick pony :) 2017-03-27 06:42:46 TemptorSent: I haven't tested your iso generator in arm devices. 
2017-03-27 06:43:08 It builds tarballs with boot configs in theory for uboot, and rpi configs for pis 2017-03-27 06:44:19 pickfire: And part of where I got tangled in the init mess is trying to find a clean way of hooking in a first-boot installer so we can net-boot a stub and install from that. 2017-03-27 06:45:20 Ah 2017-03-27 06:45:39 TemptorSent: So you aim to make it flexible such as getting netboot on the first boot. 2017-03-27 06:45:41 pickfire: Currently, we end up having a lot of useless modules and such to deal with, and no way of knowing that we have the right versions or that they're intact. 2017-03-27 06:46:40 Maybe don't put the useless modules into the iso or let the user configure which modules they want (I think you already do that). 2017-03-27 06:47:18 pickfire: Yeah, see what I'm working on to fix the trust issue at http://termbin.com/eq512 2017-03-27 06:48:07 pickfire: The problem at present is modloop, and the bigger problem it brings up is WTF do we know about the contents of modloop and how do we verify it? 2017-03-27 06:48:52 pickfire: And this is painfully apparent, as I'm on a system that somehow did a kernel upgrade which gave me the kernel from one revision and the modules from the next! 2017-03-27 06:49:23 pickfire: So my initfs modules were good, but my modloop are not. 2017-03-27 06:49:58 pickfire: This shouldn't happen, either during install or boot without at the very least some nasty warnings. 2017-03-27 06:50:37 The kernel knows how to handle signed modules and reject those with bad sigs, but can allow unsigned. 2017-03-27 06:52:01 pickfire: Between that, and baking in the stub loader with a verified stub loader and keys, I think we can at least be sure we're running what we installed and it hasn't had the files altered. 2017-03-27 06:52:53 pickfire: Hopefully the logic there makes sense. 2017-03-27 06:54:20 pickfire: Once we've loaded the stub, verified ourselves vs.
our internal sums, we extract our base payload from a apk-signed tarball, double check our sums against those (which were signed with the same key as the kernel presumably). 2017-03-27 06:55:47 From there, we can include whatever payload we need to boot our particular environment as a signed tarball, and init-base (which has an empty environment except BB, APK, and DIRTY) take over, reading options previously written out to files in /.init.d/env 2017-03-27 06:56:56 This should let us ensure crypto keys are not thrown around decrypted and that we don't have unsecured payloads loading before our intended boot using and append. 2017-03-27 06:58:19 It also provides us with some at least reasonably authenticated (or at least out of band and verifiable) keys to verify the integrity of any net-boot payload. 2017-03-27 06:59:05 ...all from a chicken and egg problem with the host keys in the image. 2017-03-27 06:59:31 So, do you trust the keys in the initram fs or on the filesystem? 2017-03-27 07:00:14 We're not there yet, but presumably we could utilize secureboot/tpm if we can maintain the chain of trust. 2017-03-27 07:05:15 pickfire, i installed alpine 3.5 yesterday on alpine in semi sysmode. 2017-03-27 07:05:25 err on rpi3 2017-03-27 07:05:33 need more coffee 2017-03-27 07:10:05 what's the benefit of alpine on a rpi clandmeter vs raspbian ? 2017-03-27 07:10:51 ekarlso: raspbian is rather heavy for embedded applications and not something I'd care to try to secure. 2017-03-27 07:11:49 ekarlso, not sure the platform matters, alpine is just different than debian. 2017-03-27 07:13:18 ekarlso: raspbian-light would be better comparison, but I suspect you're looking at approaching an order of magnitude difference in installed size (excluding kernel, since it 's the same) 2017-03-27 07:14:21 ekarlso: raspbian is an educational tool with all sorts of cool (and proprietary) software. 2017-03-27 07:14:23 and i don't know enough about raspbian to do a full comparison.
2017-03-27 07:14:50 Wolfram Research :) 2017-03-27 07:14:53 :o 2017-03-27 07:15:39 I think I have found some errors for sway crushing suid stuff. http://ix.io/piH 2017-03-27 07:15:43 ACTION reads 2017-03-27 07:16:34 ekarlso: Which is great for using it as something to hack around with or use in a class or whatnot, but not so great when you're trying to use a rpi for a specific purpose, especially on the modules. 2017-03-27 07:16:56 and alpine runs from ram by default on rpi, which makes it much faster at cost of memory usage. 2017-03-27 07:17:01 ekarlso: Basically it boils down to use the right tool for the job. 2017-03-27 07:17:01 TemptorSent: I will probably trust the key on the filesystem. 2017-03-27 07:17:23 pickfire: But how did that filesystem get mounted? 2017-03-27 07:17:32 ekarlso: Alpine is probably faster since it uses musl. 2017-03-27 07:17:52 that's not always true 2017-03-27 07:18:17 so yes, probably possible :) 2017-03-27 07:18:24 But IIRC alpine doesn't provide optimized compiled packages for arm. 2017-03-27 07:18:38 pickfire: It comes down to we can verify pretty much everything on the system EXCEPT the kernel/modules/initramfs. 2017-03-27 07:18:45 ekarlso: If you want, go alarm. 2017-03-27 07:19:14 clandmeter: And probably smaller binary as well. 2017-03-27 07:19:24 pickfire: In fact, if we use signed apkovls, it is the only missing link in being able to run a static analysis of an image and verify it. 2017-03-27 07:19:53 alarm? 2017-03-27 07:19:55 TemptorSent: But if someone tampered with the signature as well? 2017-03-27 07:20:01 clandmeter: arch linux arm 2017-03-27 07:20:15 Arch Linux ARM -> ALARM 2017-03-27 07:20:25 http://seclists.org/fulldisclosure/2017/Mar/63 2017-03-27 07:20:57 lol 2017-03-27 07:21:00 pickfire: Right, you have to trust some signature, sometime - the point is that can you tell if the kernel/initramfs/modules you're running are actually the ones that came in your signed packages?
2017-03-27 07:21:04 I wonder why sway without x11 doesn't get any input ] 2017-03-27 07:21:04 for 64bit, ALAARM 8-/ 2017-03-27 07:21:07 http://ix.io/piJ 2017-03-27 07:21:49 why the heck does a washer have a shadow file 2017-03-27 07:21:54 ACTION beats head into desk 2017-03-27 07:22:00 TemptorSent: Initramfs and kernel probably yes but I don't think modules can. 2017-03-27 07:22:18 pickfire: It wouldn't prevent a malicious user, it would prevent undetected tampering. 2017-03-27 07:22:32 scv: internet of things IFTTT integration? 2017-03-27 07:22:41 well atleast a Miele lasts forever they say. 2017-03-27 07:22:41 pickfire: Actually, the kernel itself supports the verification of signed modules. 2017-03-27 07:22:54 Xe: internet of shit -_- 2017-03-27 07:23:05 hope they provide sw updates that long... 2017-03-27 07:23:26 scv: the "s" in IoT stands for "security" 2017-03-27 07:23:34 ha 2017-03-27 07:23:37 thats a good one 2017-03-27 07:23:41 :) 2017-03-27 07:23:59 pickfire: The idea being that you install a kernel package which has a baked-in stubloader, which contains the keys used to build it and checksums for each. 2017-03-27 07:24:09 though, threats of lawsuits might finally get IoT to be secured better 2017-03-27 07:24:28 Ah, haven't heard of that. 2017-03-27 07:24:53 pickfire: So you have the signature on the kernel package to verify, and you verify the signature of each and every file involved in boot. 2017-03-27 07:24:57 as in that might be the impetus they need to actually care about security 2017-03-27 07:25:01 I heard they say IoT are botnets but I wonder why. 
2017-03-27 07:26:08 because the "s" in IoT stands for "security" 2017-03-27 07:26:13 pickfire - because nobody building those things gives a shit about anything other than 'coool featurez' or 'easy remote diagnostics', neither of which are particularly compatible with 'well secured' 2017-03-27 07:26:33 Xe :) 2017-03-27 07:26:34 unsecured IoT devices that have public facing ports are basically hacked instantly 2017-03-27 07:26:42 How? 2017-03-27 07:26:52 by botnets that target them 2017-03-27 07:27:09 Can a public facing ports be hacked instantly? 2017-03-27 07:27:38 it's within a few hours, but in the grand scheme of things instant 2017-03-27 07:27:49 Is it really hacking when you do ssh 'root@192.168.3.51' and get '# ' without so much as a request for a password? 2017-03-27 07:28:21 What? 2017-03-27 07:28:22 ??? 2017-03-27 07:28:24 Considering the number of buggy routers out there, it's almost trivial to get them to bounce-open ports. 2017-03-27 07:28:33 > get '# ' without so much as a request for a password? 2017-03-27 07:28:36 pickfire: Yes, it's that bad in places. 2017-03-27 07:28:36 That's insane 2017-03-27 07:29:02 TemptorSent: if it's not hacking, then we need a term for it because it's everywhere 2017-03-27 07:29:06 pickfire: And that's an improvement, it used to be just telnet 165.227.1.35 and you're into the router :) 2017-03-27 07:29:13 from ANYWHERE. 2017-03-27 07:29:16 Xe: I didn't even know that. 2017-03-27 07:29:25 Oh, that's not even hacking. 2017-03-27 07:29:32 That's public access 2017-03-27 07:29:57 most of the time they download a botnet binary to the device 2017-03-27 07:30:01 That's the best security that I have ever heard of 2017-03-27 07:30:04 i kinda consider that the "hacking" part 2017-03-27 07:30:10 pickfire: ANYBODY can log in, you might have to guess a few letters to get administrative access..
then again, try 'SECRET' or 'ENABLE' 2017-03-27 07:30:13 Haha, ssh for root 2017-03-27 07:30:34 Wow 2017-03-27 07:30:51 I have never even enabled ssh for root. 2017-03-27 07:30:52 Xe: Yeah downloading a file is hacking these days... *shakes head* 2017-03-27 07:31:15 TemptorSent: it probably stays alive thanks to the wrath of cron 2017-03-27 07:31:18 pickfire: ssh is the only root access I allow, and that's restricted to local net. 2017-03-27 07:31:52 Xe: *LOL* Oh, if the old RADIUSd servers could talk.. 2017-03-27 07:32:35 TemptorSent: I will never allow that. 2017-03-27 07:32:54 Xe: People treat running PPP over some random protocol as a wrapper is a hack these days :) 2017-03-27 07:33:11 Not even to local server, need to pass normal user ssh (pub key with pass) then only can sudo -i with pass as well. 2017-03-27 07:33:27 pickfire: How do you allow root access? Do you trust your local users? 2017-03-27 07:33:46 TemptorSent: I only allow root access to myself only. 2017-03-27 07:33:54 No others are allowed. 2017-03-27 07:34:08 I mean with the help of group wheel. 2017-03-27 07:34:09 pickfire: Right, but how do you gain secure remote access? 2017-03-27 07:34:24 ssh? locally 2017-03-27 07:35:00 Of course ssh locally first to add the key then only remove password authentication. 2017-03-27 07:35:04 pickfire: Yeah, more for things like system backups (zfs send) and the like. 2017-03-27 07:35:30 Oh, I rarely do backups since I don't have storage here. 2017-03-27 07:35:44 I do backup from laptop to pi though with rsync. 2017-03-27 07:35:56 pickfire: I don't allow root logins except from terminal at home or ssh from internal network using trusted key 2017-03-27 07:35:57 rsync protocol or ssh 2017-03-27 07:36:14 Ah 2017-03-27 07:36:42 Well, the only way for root logins is to ssh to my own user first. 2017-03-27 07:36:54 pickfire: Essentially I use a DMZ so I can tunnel secure root connections over my already authenticated user connections.
2017-03-27 07:37:33 pickfire: Sounds like we're doing essentially the same thing, just with opposite wrapping directions. 2017-03-27 07:38:00 TemptorSent: What is DMZ actually? I have heard of it. 2017-03-27 07:38:22 Ah 2017-03-27 07:38:22 De-Militarized Zone 2017-03-27 07:38:43 Something like a honeypot. 2017-03-27 07:38:43 middle zone between full protection and the outside 2017-03-27 07:39:21 TemptorSent: I don't use that since I have no other devices at home. 2017-03-27 07:39:41 Nothing more than an environment with minimal privs and strong authentication you must connect to before you can establish a connection through it to the internal network. 2017-03-27 07:39:59 But probably can do a firejail for that and break the jail with password again. 2017-03-27 07:40:02 pickfire: I run it even on a single host as needed. 2017-03-27 07:40:12 ? 2017-03-27 07:40:15 Basically, yes, that's the same idea 2017-03-27 07:40:17 Single host? 2017-03-27 07:40:51 pickfire: Yes, running a chroot jail, tap, bridge, and back-to-back firewall rules. 2017-03-27 07:41:33 Oh, sounds complicated. 2017-03-27 07:41:43 pickfire: basically an internal VPN that only allows connections from untrusted zones by first connecting to the DMZ and authenticating, then you tunnel through. 2017-03-27 07:41:49 I just setup sshguard for security. 2017-03-27 07:42:04 Yeah, basically using DMZ as a tunnel. 2017-03-27 07:42:07 pickfire: Not really complicated, but a VM works better. 2017-03-27 07:42:19 ACTION had never successfully used tap or bridge 2017-03-27 07:42:49 You run things in reverse, with the VM getting the actual network hardware via pci-pass and it running your firewalling. 2017-03-27 07:44:33 That eliminates two major vectors for breach, in that the host OS can't accidentally leak what it's not actually touching, and that you can depriv the VM such that any breach there can't write anything.
2017-03-27 07:46:10 So your security system is essentially running in immutable mode, with the only means of touching it being to rewrite it from INSIDE the host and update it, probably with some manual intervention to make it really secure. 2017-03-27 07:46:53 (Yes, that's one of the images I intend to setup for mkimage -- a nested system with kvm outer and firewall / storage inner. 2017-03-27 07:47:41 Hmm, I've usually had pretty good luck with both taps and bridges (and tun too at one point) 2017-03-27 07:49:41 Hmm, I guess getting configs like this out there might open a few eyes as to real, vs. perceived layered security. 2017-03-27 07:50:02 TemptorSent: could you ping me if/when you do? 2017-03-27 07:51:23 kahiru: Working on it now, have part of it working enough to start messing with, but haven't done anything on the FW part yet. 2017-03-27 07:52:43 kahiru: I can currently build vm images with baked in services quite easily, including one-off ssh key-pairs for root login, root user, and host. 2017-03-27 07:53:19 kahiru: I haven't started messing with the FW portion yet, mostly because that appears to be a largely solved problem. 2017-03-27 07:54:16 kahiru: The only tricky part is shaving the VM images to just what's needed, nothing that's not, and making them run cleanly in a RO environment. 2017-03-27 07:55:56 kahiru: The work I'm doing on init now will facilitate that, so it will be a run-from-ram VM image with no access to write anything attached to a file system, and all logging etc done over the network. 2017-03-27 07:59:24 kahiru: Even for minimal configs without VMs, we can do things much cleaner by isolating internal and external network traffic from within the same host and only allowing outgoing external traffic on the specified interface and to the specified gateway. 2017-03-27 08:34:40 TemptorSent: sounds interesting 2017-03-27 09:43:35 hi everyone. 
since php7.1 and php7.0 now share the same package names, I'm struggling to select which one I want to install 2017-03-27 09:43:52 http://pkgs.alpinelinux.org/packages?page=6&name=php7%2A 2017-03-27 09:44:23 what is the correct syntax for the --repository option? I want community (7.0) but I keep getting 7.1 2017-03-27 09:44:36 (^ in apk add, sorry) 2017-03-27 09:54:20 you should basically decide whether you want to stay in stable or go edge 2017-03-27 09:55:07 a sane approach is to stay in stable, tag the edge repos and only install what you need from edge using apk add package@edge 2017-03-27 09:56:35 <^7heo> moin alle 2017-03-27 09:56:42 sup ^7heo 2017-03-27 09:57:00 <^7heo> CEST happened. 2017-03-27 09:57:05 <^7heo> Everyone feels like a zombie. 2017-03-27 09:57:42 me included, although a couple other factors might have had a part in that :) 2017-03-27 09:58:55 how can I install edge/testing packages in v3.5? apk add php7@edge doesn't seem to work 2017-03-27 09:59:00 <^7heo> In Germany it was even "worse" (all things relative) 2017-03-27 09:59:22 either with or without 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' in the /etc/apk/repositories file 2017-03-27 09:59:26 <^7heo> TBB: The DST change happened EXACTLY the same day as a 15C temperature bump... =/ 2017-03-27 09:59:34 (I gather v3.5/testing does not exist) 2017-03-27 09:59:56 <^7heo> uma: AFAIK testing is only a branch on edge. 2017-03-27 10:00:19 problem is, I need packages php7* packages from edge/testing 2017-03-27 10:00:28 fortunately we're slowly starting to get to a point where countries seriously consider forgetting about the whole daylight saving concept 2017-03-27 10:00:39 <^7heo> uma: how is that a problem? 
2017-03-27 10:00:54 <^7heo> TBB: yeah, I just hope they get sane 2017-03-27 10:01:01 fix your repo config, keep stable unpinned, pin the edge ones with @edge-main, @edge-community and @edge-testing or something along those lines 2017-03-27 10:01:03 <^7heo> and don't chose the CET as a standard for the eastern countries. 2017-03-27 10:01:24 <^7heo> TBB: I just pin @community and @testing myself 2017-03-27 10:01:28 because most php7.0 packages are not in community repo 2017-03-27 10:01:44 <^7heo> uma: no they are not. It's intended. 2017-03-27 10:01:44 I need a way to select which packages I want from each repo 2017-03-27 10:01:51 <^7heo> yes you will need to. 2017-03-27 10:02:03 <^7heo> hence TBB's recommendation. 2017-03-27 10:02:05 uma: and that's when you use package@tag 2017-03-27 10:02:26 <^7heo> seems like we need better docs 2017-03-27 10:04:49 ^7heo no, I need to learn how to search 2017-03-27 10:05:03 I was using apk's --help, now I found https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Repository_pinning 2017-03-27 10:05:05 will try that 2017-03-27 10:05:16 <^7heo> uma: that is the way to go yes. 2017-03-27 10:05:25 that's just the kind of thing I read of last weekend 2017-03-27 10:05:29 <^7heo> uma: but I really believe we need better docs ;) 2017-03-27 10:05:43 it was called "extreme ownership", fascinating stuff 2017-03-27 10:06:04 <^7heo> what is called "extreme ownership"? 2017-03-27 10:07:11 what uma just did there is that stuff, taking responsibility, he acknowledged he could improve his searches, did it and found a doc explaining how to solve his problem 2017-03-27 10:07:38 it's basically a term invented by this ex Navy Seal who now teaches corporate decision makers to *gulp* take responsibility 2017-03-27 10:13:01 aaand it works 2017-03-27 10:13:09 thanks for your help guys :) 2017-03-27 10:14:24 on top of that from now I'll be able to stay on stable releases instead of edge. 
big win 2017-03-27 10:16:31 <^7heo> well, that's the whole point of having the pinning system 2017-03-27 10:16:38 <^7heo> otherwise you would add both repos unpinned 2017-03-27 10:16:42 <^7heo> and that would also work... 2017-03-27 10:16:45 uma: one thing to watch out for: if a package from edge you pinned is deleted you get confusing messages on the upgrade 2017-03-27 10:16:56 <^7heo> ...but you would get the most recent packages of any 2017-03-27 10:17:01 <^7heo> so mostly all the stuff from edge. 2017-03-27 10:17:07 apk keeps you safe but last time it took me a bit to figure what's going on 2017-03-27 10:17:34 <^7heo> (given that you have edge main and stable main) 2017-03-27 10:17:55 <^7heo> darkfader: what do you mean exactly? 2017-03-27 10:18:04 darkfader ty for the tip 2017-03-27 10:21:24 ^7heo: i had pinned enhanceio from edge 2017-03-27 10:21:30 and then the package was deleted 2017-03-27 10:21:47 on the next apk upgrade apk said no (i dont remember the wording unfortunately) 2017-03-27 10:24:02 kahiru: Void have C2 2017-03-27 10:24:10 https://repo.voidlinux.eu/live/current/void-odroid-c2-musl-20170220.img.xz 2017-03-27 10:24:55 <^7heo> darkfader: aaah I got it, when it is deleted on the repo, not on your host... 2017-03-27 10:24:58 <^7heo> moin pickfire 2017-03-27 10:28:12 TemptorSent: Are you Chris? 2017-03-27 10:28:19 ^7heo: moin 2017-03-27 10:49:38 s/chris/christ 2017-03-27 11:13:01 pickfire: yeah, I know... 2017-03-27 11:16:45 kahiru: Tried it? 2017-03-27 11:18:27 pickfire: I tried it on my laptop some time ago. It was all fine until I talked with the devs. since that I don't use it anymore 2017-03-27 11:19:39 kahiru: Huh? The dev humiliated you? 2017-03-27 11:21:06 I asked a dumb question and they were way too hostile to my liking 2017-03-27 11:22:15 Oh 2017-03-27 11:22:50 kahiru: Sorry to hear that. I didn't know they are hostile. You should try #suckless 2017-03-27 11:23:17 Once you see how they talk, you won't consider others hostile.
2017-03-27 11:23:26 OFTC* - #suckless 2017-03-27 11:23:48 dunno, maybe I was just having a bad day. And they as well. Who knows 2017-03-27 11:24:17 heh, guess I'll give it a try sometime 2017-03-27 11:25:02 kahiru: :D 2017-03-27 11:27:49 always wanted to give sinit a try 2017-03-27 11:30:05 kahiru: Nice, I wanted to do that as well, and runit on alpine. 2017-03-27 11:30:24 and all that s6 stuff as well 2017-03-27 11:30:50 I am trying to change file descripors limit but it does not get applied, any guide on how to configure pam on alpine? 2017-03-27 11:30:53 s6? 2017-03-27 11:31:10 the skarnet supervision suite 2017-03-27 11:31:17 http://www.skarnet.org/software/s6/ 2017-03-27 11:31:59 untoreh: Not sure about that. /etc/security/limits.conf? 2017-03-27 11:32:45 yes those do not get applied 2017-03-27 11:34:02 suckless init is considered by many as the smallest possible init. I disagree: suckless init is incorrect, because it has no supervision capabilities, and thus, killing all processes but init can brick the machine. Nevertheless, suckless init, like many other suckless projects, is a neat exercise in minimalism. 2017-03-27 11:34:28 untoreh: Then probably I have no idea, I hope others can help. 2017-03-27 11:35:27 kahiru: ^ 2017-03-27 11:36:45 kahiru: Thanks a lot for quoting skarnet 2017-03-27 11:53:17 hi, I'm trying to boot alpine on libvirtd but it just get stuck after starting busybox crond 2017-03-27 11:55:20 gho: I recall hitting that some time ago 2017-03-27 11:55:30 but I have no idea how I worked around it... 2017-03-27 11:55:39 doh :) 2017-03-27 11:58:23 also I noticed on setup-alpine, that if you choose dhcp then the same time udhcp starts is the password prompt, and it dhcp goes second it isnt obvious there's been a pw prompt and so you're left waiting 2017-03-27 12:01:51 does it get unstuck after a while? 
2017-03-27 12:03:30 it seems to on the standard image but not on the virt image 2017-03-27 12:03:56 maybe that was the workaround I used 2017-03-27 12:04:07 still takes 3-4mins tho 2017-03-27 12:04:17 tried removing quiet from cmdline but still non the wiser 2017-03-27 12:04:22 dont know how to debug openrc 2017-03-27 12:20:39 ncopa: you're here! :) 2017-03-27 12:23:09 kahiru, just got openrc logging going, appears to be ssh, does that jog your memory? 2017-03-27 12:23:26 gho: could it be that the system has low entropy? 2017-03-27 12:23:37 and maybe making something like haveged start before ssh could help 2017-03-27 12:24:33 yeah I'm starting to think that but random starts before it stalls 2017-03-27 12:26:30 dunno, maybe the virtualized hw doesn't provide enough randomness 2017-03-27 12:26:38 does it even make sense? 2017-03-27 12:27:55 yeah I agree with what youre saying I'm just trying to reconcile it with what I'm seeing 2017-03-27 12:28:01 added haveged but it still stalls on ssh 2017-03-27 12:28:16 cant understand why ssh would need randomness except on initial keygen 2017-03-27 12:36:59 hi guys 2017-03-27 12:37:11 hi 2017-03-27 12:39:01 what's up? 2017-03-27 12:41:02 kahiru, it is ssh, disabling it fixes it and starting it on the console stalls 2017-03-27 12:48:50 adding RNG in the config for the VM fixes it! 2017-03-27 12:49:19 so the virt edition has to have some other means of getting the stuff it needs 2017-03-27 12:50:21 yeah 2017-03-27 12:50:24 Same problem here, also on real hardware like the apu board... 
my solution is to start haveged before sshd is started 2017-03-27 12:50:28 haveged didn't make any difference sadly 2017-03-27 12:50:45 adding RNG device to libvirt config did 2017-03-27 12:51:48 noticed in log that as soon as random pool initialised, ssh completed 2017-03-27 12:52:58 unfortunately haveged is started after sshd per default on alpine :-/ 2017-03-27 12:55:36 kazblox: no im not :) 2017-03-27 12:57:08 is there a "scala" package in alpine? I've looked through the packages but couldn't find any 2017-03-27 13:03:40 lol 2017-03-27 13:04:12 probably not 2017-03-27 13:04:19 anyways 2017-03-27 13:05:40 ncopa: about one of the packages you maintained... is xf86-video-mach64 and mesa-dri-mach64 still broken? They've both been left out of packaging since 2011 because building xf86-video-mach64 "broke" 2017-03-27 13:08:49 I'm not sure if the situation applies now 2017-03-27 14:07:58 oh nothing is built with pam support in alpine that's why pam doesn't work :p 2017-03-27 14:13:45 is there a reason for excluding pam? 2017-03-27 14:14:12 kahiru: pam is a complex piece of shit 2017-03-27 14:14:20 lightness would be a good reason 2017-03-27 14:14:26 sadly can't argue with that 2017-03-27 14:15:46 and yeah, pam is complex, but it also enables lots and lots of nifty things 2017-03-27 14:16:30 i wouldn't want security-related software to do nifty things, i want it to be as light as possible. 2017-03-27 14:17:38 it's more common to have a software developer misunderstand one of the hundred usable APIs for checking a password or login permission than it is that anybody uses some advanced shit like two-factor trusted-computing-device login. 
2017-03-27 14:17:46 good point, but on the other hand, you'll end up coding a lot of security features yourself by ignoring something like pam, which usually isn't a very good idea either 2017-03-27 14:18:09 damned if you do, damned if you don't kind of thing 2017-03-27 14:18:33 i don't feel damned at all :) 2017-03-27 14:18:42 you know how i unlock my computer at work? 2017-03-27 14:18:50 i don't input a password. 2017-03-27 14:19:03 yeh, but as the saying goes, those who don't understand security are doomed to reimplement it poorly 2017-03-27 14:19:04 one less ways for people to see me type my password 2017-03-27 14:19:42 the way i unlock my screen is `ssh work-computer killall slock`, which gets triggered when i plug in my laptop into my docking station :) 2017-03-27 14:20:31 i completely reimplemented all this shit manually 2017-03-27 14:20:53 and still my coworker's mechanism is poorer. 2017-03-27 14:21:05 because i can just snoop their password while they unlock their screen. 2017-03-27 14:22:16 <^7heo> hiro: or you work in your own office 2017-03-27 14:22:20 <^7heo> hiro: and nobody can see you type. 2017-03-27 14:22:29 ^7heo: you always close your window blinds? :) 2017-03-27 14:22:45 <^7heo> if anyone can see my typing from THAT distance 2017-03-27 14:22:55 <^7heo> they really deserve access. 2017-03-27 14:23:08 hiro: kahiru: pam is a complex piece of shit < lol good one 2017-03-27 14:23:44 secure systems have to be based on complex (elliptic key maths, private/public key distribution), but well abstracted universal interfaces. 2017-03-27 14:23:47 PAM is not universal 2017-03-27 14:24:00 elliptic keys are based on some simple verifiable mathematical properties 2017-03-27 14:24:14 this can simply be implemented wherever it needs to be used 2017-03-27 14:24:23 PAM is some linux shit, windows doesn't even care about it. 2017-03-27 14:24:32 but elliptic keys work just fine on windows. 
2017-03-27 14:25:20 this is about being universal 2017-03-27 14:25:30 if something is not universal, you have to think if the complexity of it is worth it. 2017-03-27 14:26:01 in the case of PAM it clearly isn't, because practice shows more bugs are introduced for the common user than it can ever elevate the single user's security. 2017-03-27 14:27:17 and PRNG's 2017-03-27 14:27:18 ^7heo: counterexample: let's say you use PAM, with password login and a cordless keyboard :) 2017-03-27 14:27:59 dminca: hmm? 2017-03-27 14:28:04 PAM is not just Linux tho. Not Windows, but definitely not just Linux. 2017-03-27 14:29:08 TBB: well, just look at stuff that is supposed to run on both linux and bsd 2017-03-27 14:29:14 TBB: it's all non-trivial 2017-03-27 14:29:15 randomness generated from a library programatically is not random at all, as it's generated from a seed 2017-03-27 14:29:27 <^7heo> hiro: I dunno, some stuff is. 2017-03-27 14:29:43 <^7heo> hiro: you can make some portable simple code that runs on POSIX. 2017-03-27 14:29:47 dminca: sure, that's basic knowledge related to crypto. 2017-03-27 14:30:24 dminca: but there's interfaces on most systems (sadly they differ quite often) that will get you comparable quality of randomness for crypto purposes. 2017-03-27 14:32:16 of course /dev/urandom for example should block if the seed comes from flash on an embedded device and there's no other entropy available yet (obviously manufacturers get this wrong sometimes) 2017-03-27 14:32:41 but this is all possible to provide comfortably. 2017-03-27 14:33:05 ^7heo: well, something simple like slock has non-linux specific code ini it. 2017-03-27 14:33:27 <^7heo> hiro: I didn't check the slock code. 2017-03-27 14:33:30 <^7heo> hiro: I should have. 2017-03-27 14:33:58 i keep on complaining on suckless about this shit 2017-03-27 14:34:22 obviously slock should have X11 dependencies 2017-03-27 14:34:31 restricting it to run only on systems with X11 2017-03-27 14:34:40 but then... 
2017-03-27 14:34:47 #ifdef __linux__ 2017-03-27 14:34:47 #include 2017-03-27 14:34:47 #include 2017-03-27 14:34:57 you have to prevent getting killed... 2017-03-27 14:35:01 <^7heo> ah 2017-03-27 14:35:23 then 2017-03-27 14:35:23 #if HAVE_SHADOW_H 2017-03-27 14:35:40 #else 2017-03-27 14:35:44 #ifdef __OpenBSD__ 2017-03-27 14:35:49 #endif /* __OpenBSD__ */ 2017-03-27 14:35:52 #endif /* HAVE_SHADOW_H */ 2017-03-27 14:36:25 getspnam(pw->pw_name) vs. getpwuid_shadow(getuid()) 2017-03-27 14:36:30 already this is too much for me 2017-03-27 14:37:24 now with PAM this will just go to infinitely more retarded extend 2017-03-27 14:40:41 ah shit, above i didn't put the first version: getpwuid(getuid()) 2017-03-27 14:41:01 see i got confused immediately when i saw those 3 functions needed by slock 2017-03-27 14:41:03 <^7heo> hiro: basically, if you make the mouse disappear, it kills it 2017-03-27 14:41:16 <^7heo> I think I submitted a patch for that a while ago 2017-03-27 14:41:20 ^7heo: that also? 2017-03-27 14:41:24 <^7heo> yeah 2017-03-27 14:41:29 ^7heo: hmm, i complained about what happens when network disappears 2017-03-27 14:41:41 <^7heo> I didn't try that yet 2017-03-27 14:42:00 ^7heo: then when you press enter and it tries to do some weird request via nscd it segfaults iirc 2017-03-27 14:42:15 but perhaps they changed this in the current code after some tard made a CVE about it 2017-03-27 14:42:20 hiro: Hi 2017-03-27 14:42:31 pickfire: hey :) 2017-03-27 14:42:50 hiro: Haven't seen you for quite some tim. 2017-03-27 14:43:17 pickfire: i keep on spamming the suckless mailing list :) 2017-03-27 14:43:23 Ah 2017-03-27 14:43:31 :D 2017-03-27 14:43:32 and sometimes i say something here or in musl or so, just for fun 2017-03-27 14:43:41 oh 2017-03-27 14:43:43 today i drank too much cafe so i have to annoy *ALL CHANNELS* 2017-03-27 14:43:54 Haha 2017-03-27 14:44:09 hiro: How many channels do you have there? 
2017-03-27 14:44:10 hi hiro 2017-03-27 14:44:19 pickfire: no idea, didn't automate it yet. 2017-03-27 14:44:33 Haha, annoy all channels 2017-03-27 14:44:38 eheh 2017-03-27 14:44:47 Chlorophytus: guten. 2017-03-27 14:45:07 uuuhhhhh 2017-03-27 14:45:42 buenos dias :) 2017-03-27 14:45:45 hahaha http://git.suckless.org/slock/commit/?id=597469541c10fdb8920ed190b72763b0719e5cb5 2017-03-27 14:45:54 i didn't even GET to complain about this kind of stuff 2017-03-27 14:46:38 i feel like the only one on here using a single board x86 computer :d 2017-03-27 14:46:39 heh 2017-03-27 14:47:06 hiro: I wonder why suckless unboolify all the stuff. 2017-03-27 14:47:21 Doesn't that reduce efficiency? 2017-03-27 14:49:37 i wonder why they ever put a bool in there in the first place 2017-03-27 14:49:41 this is not java goddamnit, lol. 2017-03-27 14:50:20 Lol 2017-03-27 14:50:24 this is very lightweight problems still: http://git.suckless.org/slock/commit/?id=04143fd68dbc656905714eff5c208fadb3464e25 2017-03-27 14:50:37 <^7heo> because every C teacher I've seen in the university goes like "It's easy to define a bool type in C, just: #define bool char" 2017-03-27 14:50:44 but then there's http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 2017-03-27 14:50:49 <^7heo> "and then you can #define false 0" 2017-03-27 14:50:58 <^7heo> "and then you can #define true !false" 2017-03-27 14:51:07 ^7heo: That's true 2017-03-27 14:51:07 :D 2017-03-27 14:51:18 <^7heo> "and then you can just use bools!" 2017-03-27 14:51:22 <^7heo> I mean... 2017-03-27 14:51:28 <^7heo> yes it's true, you can do that. 2017-03-27 14:51:35 1 and 0 is way easier to type 2017-03-27 14:51:37 <^7heo> but, it doesn't really help anything. 2017-03-27 14:51:40 <^7heo> exactly. 2017-03-27 14:51:45 this line here was crazy: 2017-03-27 14:51:45 running = !!strcmp(crypt(passwd, pws), pws); 2017-03-27 14:52:09 But sometimes I get blurred. 2017-03-27 14:52:16 the reason i use 0 and 1 is bec. 
that's how it works in C. 2017-03-27 14:52:20 Between whether 1 or 0 is true. 2017-03-27 14:52:34 you have to know *anyway* in C. 2017-03-27 14:52:35 <^7heo> hiro: that's to "cast" the return of strcmp 2017-03-27 14:52:42 like there can't be a programmer that doesn't know. 2017-03-27 14:52:43 hiro: What about short? 2017-03-27 14:53:02 <^7heo> hiro: actually it's not 0 and 1. 2017-03-27 14:53:09 <^7heo> hiro: it's 0 and non-0 2017-03-27 14:53:15 ^7heo: exactly. 2017-03-27 14:53:40 <^7heo> hiro: so yeah the !! is just wasted CPU time. 2017-03-27 14:53:47 <^7heo> hiro: on the compilation step, hopefully. 2017-03-27 14:53:49 it's not 2017-03-27 14:53:55 <^7heo> jvoisin: how? 2017-03-27 14:54:00 strcmp returns an int 2017-03-27 14:54:06 <^7heo> jvoisin: and? 2017-03-27 14:54:08 it can be different from zdro or one 2017-03-27 14:54:15 <^7heo> yes, and? 2017-03-27 14:54:23 inverting it twice will make sure that it's either zero or one 2017-03-27 14:54:27 <^7heo> and? 2017-03-27 14:54:32 <^7heo> actually, false 2017-03-27 14:54:34 <^7heo> but and? 2017-03-27 14:54:44 ACTION checks 2017-03-27 14:54:46 <^7heo> (it's gonna be zero or non-zero) 2017-03-27 14:54:51 <^7heo> check first, next time ;] 2017-03-27 14:54:52 Haha, wasted 2017-03-27 14:55:01 ^7heo: i'm not talking about the !! 2017-03-27 14:55:09 ^7heo: the problem is that they didn't check for crypt error 2017-03-27 14:55:11 <^7heo> hiro: /exec !! 2017-03-27 14:55:13 <^7heo> ACTION hides 2017-03-27 14:55:18 <^7heo> yeah true. 2017-03-27 14:55:42 ^7heo: the idea of running a function that's the main core of all your security setup, then not bothering to check the man page whether it can error... 2017-03-27 14:55:44 hiro: They assumes there is no error. 2017-03-27 14:56:01 ^7heo: and after failing to check anything important, putting the strncmp in the same line 2017-03-27 14:56:01 <^7heo> hiro: yeah, suckless. 2017-03-27 14:56:04 <^7heo> hiro: less is more. 
2017-03-27 14:56:07 <^7heo> ACTION hides 2017-03-27 14:56:11 ^7heo: https://paste.debian.net/924605/ 2017-03-27 14:56:27 now ADD NETWORK PROTOCOLS to your password scheme 2017-03-27 14:56:33 <^7heo> jvoisin: yeah, read the spec. 2017-03-27 14:56:33 and everything will go just perfectly, right? 2017-03-27 14:56:54 <^7heo> jvoisin: anything !0 is valid as in an `if` 2017-03-27 14:57:09 <^7heo> jvoisin: aside from that, the behavior of !! is unspecified AFAIK. 2017-03-27 14:57:10 so what? 2017-03-27 14:57:18 <^7heo> so first, it's WASTE as I said. 2017-03-27 14:57:21 I don't think it's unspecified 2017-03-27 14:57:23 <^7heo> it is. 2017-03-27 14:57:28 then we misunderstood each other 2017-03-27 14:57:29 <^7heo> !0 can be anything. 2017-03-27 14:57:30 <^7heo> not 1. 2017-03-27 14:57:42 I thought that you said that `!!` was useless in _any_ situation 2017-03-27 14:57:44 <^7heo> it can be 0xFFFFFFFF on 32 bits for example. 2017-03-27 14:57:49 <^7heo> no I didn't. 2017-03-27 14:58:01 <^7heo> but also, now, I will say that YES IT IS. 2017-03-27 14:58:04 hence why I said "I thought" 2017-03-27 14:58:09 the suckless people were incapable of making slock work in any secure way -> then you want to propose anybody will be able to know how to use PAM safely? 2017-03-27 14:58:10 <^7heo> (in C, not in javascript) 2017-03-27 14:58:16 haha 2017-03-27 14:58:24 <^7heo> because you can't assume that !0 will be 1. 2017-03-27 14:58:30 <^7heo> not everybody uses THAT version of THAT compiler. 2017-03-27 14:58:56 https://kernelnewbies.org/FAQ/LikelyUnlikely 2017-03-27 14:58:59 ^7heo: what does gcc do? 2017-03-27 14:59:04 apparently, it's used by the kernel 2017-03-27 14:59:05 <^7heo> hiro: it sets !0 to 1. 2017-03-27 14:59:14 <^7heo> hiro: which is a purely arbitrary implementation detail. 2017-03-27 14:59:41 this should be the main argument then :) 2017-03-27 15:00:25 <^7heo> v_v 2017-03-27 15:01:16 ^7heo: The result of the logical negation operator !
is 0 if the value of its operand compares unequal to 0, 1 if the value of its operand compares equal to 0. The result has type int. The expression !E is equivalent to (0==E). 2017-03-27 15:01:26 §6.5.3.3/4 C99 2017-03-27 15:01:32 so, yeah, 0 or 1. 2017-03-27 15:01:51 jvoisin: I mean if you want to print 1 or 0 then fine but if you do it on a if then WASTED 2017-03-27 15:02:11 I know 2017-03-27 15:02:14 <^7heo> jvoisin: C99 2017-03-27 15:02:21 <^7heo> again. 2017-03-27 15:02:23 <^7heo> same problem. 2017-03-27 15:02:31 <^7heo> version-specific detail. 2017-03-27 15:02:51 "^7heo > jvoisin: yeah, read the spec." ← then what spec shall I read? 2017-03-27 15:02:55 <^7heo> ansi C 2017-03-27 15:03:12 C11 haha 2017-03-27 15:03:40 of course most read the ancient c89 2017-03-27 15:04:22 <^7heo> yeah 2017-03-27 15:06:26 I fail to see why this couldn't be true for C89 2017-03-27 15:07:30 <^7heo> because it's NOT specifide. 2017-03-27 15:07:32 <^7heo> s/de/ed/ 2017-03-27 15:07:47 <^7heo> gosh you're thick. 2017-03-27 15:09:44 K&R, §A.7.2, The result of the logical negation operator ! is 1 if the value of its operand is 0, 0 if the value of its operand is non-zero. 2017-03-27 15:10:06 <^7heo> Where? 2017-03-27 15:10:27 <^7heo> (also K&R != ansi C) 2017-03-27 15:11:07 §A.7.2 2017-03-27 15:11:10 <^7heo> The version of C described in this book is sometimes referred to as K&R C (after the book's authors), often to distinguish this early version from the later version of C standardized as ANSI C. 2017-03-27 15:11:19 <^7heo> https://en.wikipedia.org/wiki/The_C_Programming_Language#History 2017-03-27 15:11:25 <^7heo> I mean, yes, it's OFTEN 1. 2017-03-27 15:11:42 <^7heo> but you can find compilers which return 0xFFFFFFFF. I've seen that. 
2017-03-27 15:12:00 <^7heo> ACTION looks in the direction of microchip 2017-03-27 15:12:39 <^7heo> but that starts to be highly offtopic anyway 2017-03-27 15:12:47 yup, sorry for the noise 2017-03-27 15:13:05 <^7heo> And long story short, you can just do an if 2017-03-27 15:13:18 <^7heo> or a macro 2017-03-27 15:13:21 <^7heo> instead of !! 2017-03-27 15:13:25 <^7heo> and that'll ALWAYS be correct 2017-03-27 15:13:32 <^7heo> like, a ternary operator... Done. 2017-03-27 15:14:08 <^7heo> #define CAST_BOOL(x) (x)?1:0; 2017-03-27 15:14:20 <^7heo> can't be more correc than that. 2017-03-27 15:14:27 <^7heo> s/ec/&t/ 2017-03-27 15:15:31 <^7heo> also, the kernel has many more, and more problematic gcc dependencies, afaik. 2017-03-27 15:16:51 indeed 2017-03-27 15:17:01 pipacs managed to compile it with clang 2017-03-27 15:20:50 ^7heo: oh, you were mentioning exec 2017-03-27 15:21:27 ^7heo: that's another thing: why can't slock output a line of text to stdout when it has successfully locked the screen, so that a script running outside of slock might start whatever stupid programs it wants... 2017-03-27 15:22:05 but nope, they have to add stupid unneeded logic to parse the arguments :) 2017-03-27 15:22:12 which is completely unneeded 2017-03-27 15:22:20 the "post-lock" command 2017-03-27 15:24:22 ^7heo: XNextEvent will return 0? 2017-03-27 15:25:57 ^7heo: seems like they assume sometimes it doesn't return 0, but where is this even documented? 2017-03-27 15:26:08 <^7heo> hiro: also it should monitor the attempts 2017-03-27 15:26:20 <^7heo> hiro: instead of stupidly coloring the screen 2017-03-27 15:26:30 ^7heo: yeah, possibly. 2017-03-27 15:27:27 ^7heo: i actually have the colors completely removed 2017-03-27 15:27:31 my screen is simply black 2017-03-27 15:27:32 always. 2017-03-27 15:27:48 so nobody will even know wtf is up :D 2017-03-27 15:28:32 <^7heo> yeah 2017-03-27 16:22:38 skarnet: A couple questions on your comments.
What happens if the set -e shell has an error during init, do we get a hung machine or a reboot? 2017-03-27 16:24:05 skarnet: Can we be certain that the kernel hasn't mounted anything at the user's request before we got to init? Being wrong could be disastrous if there is a live FS mounted that we wipe. 2017-03-27 16:26:44 skarnet: /dev/console is actually populated by a cpio archive embedded in the kernel. The devices in /dev could be bogus in the case of a bad append, and if malicious, could be used to breach crypto keys. 2017-03-27 16:28:26 skarnet: Also, with the tmpfs mount, we have control over the mount-opts independently, which may be important for securing against undesired program execution from untrusted locations. 2017-03-27 16:29:32 skarnet: devtmpfs has far more in it than we want or need early in the boot process, and again could represent a means of leaking in the right (wrong) hands. 2017-03-27 16:30:38 skarnet: I'm looking at it from a paranoid POV and not taking anything for granted. 2017-03-27 16:31:56 (simple example, /dev/null created with the dev numbers for the serial port -- I saw this done years ago!) 2017-03-27 16:32:37 I might be missing something here, but... who are you talking to? 2017-03-27 18:23:07 how do I install who and w ? 2017-03-27 18:29:24 <_ikke_> Guest51853: I believe they won't work with musl (lacking wtmp et al) 2017-03-27 18:29:40 ta 2017-03-27 18:44:45 when I look at the load average it says it is 1 but I'm hardly running anything, top doesn't say anything useful except the cpu is 99% idle 2017-03-27 20:38:03 is there no wiringpi.h in archlinux?
2017-03-27 21:57:21 I am having weird issues with Alpine 2017-03-27 21:57:58 at first, while trying newer version, it was possible to start X, but the classic linux console or anything framebuffer based was invisible (possible to type there but nothing seen at all) 2017-03-27 21:59:25 now it's the opposite (with older kernel/init/mods), the console is visible, and even X was working, but out of nowhere startx shows the cursor, but after a second it blacks out and freezes (unable to do anything) 2017-03-27 21:59:53 what version 2017-03-27 22:00:12 not sure now 2017-03-27 22:00:19 :/ 2017-03-27 22:00:25 but what it could be 2017-03-27 22:00:26 i had the first issue, it was simply a change of deps in the modules that are loaded in the initramfs 2017-03-27 22:00:39 nsz: what deps 2017-03-27 22:00:57 so if you customized the init script and then updated the kernel then you did not get the fb set up right 2017-03-27 22:00:59 nsz: .. were missing so the framebuffer wasn't visible really 2017-03-27 22:01:07 nsz: that could be it 2017-03-27 22:01:13 nsz: customized init scripts 2017-03-27 22:01:34 nsz: wouldn't think the fbdev would be anyhow handled there 2017-03-27 22:02:03 ah it was kms 2017-03-27 22:02:09 the kernel mode switch module 2017-03-27 22:02:25 /etc/mkinitfs/mkinitfs.conf 2017-03-27 22:02:37 see if you have an *.apk-new of that file 2017-03-27 22:02:40 nothing with /etc/init.d folder? 2017-03-27 22:05:20 nsz: quite not understanding it. If it is something with the deps in the modules in initramfs, and I have changed only the init.d scripts, then it must be something with that (if the console should be visible on boot, as I assume it should). So the kms in /etc/mkinitfs/.. is called from init.d folder?
2017-03-27 22:05:37 if you do not have kms enabled in initramfs, enabling it might help 2017-03-27 22:05:46 nsz: thanks for pointing on it and reacting 2017-03-27 22:07:12 mkinitfs builds the initramfs that executes before init.d stuff 2017-03-27 22:08:37 thought it's already build by default in the release, not being built on the fly anytime 2017-03-27 22:08:58 so I should enable kms, isn't it possible even via boot arguments? 2017-03-27 22:09:11 it is in /boot 2017-03-27 22:09:15 and you can rebuild it 2017-03-27 22:09:40 that's great 2017-03-27 22:10:37 I wonder why the console works in older version of Alpine, yet doesn't now. Is it now mandatory to enable kms or is it device-based issue? (gpu) 2017-03-27 22:10:56 i think /usr/share/mkinitfs/initramfs-init is the script that runs by default 2017-03-27 22:11:16 and you can parametrize it by the conf file 2017-03-27 22:11:37 you might get similar effect by passing some boot params to the kernel 2017-03-27 22:11:48 but i dont know the details 2017-03-27 22:12:07 for me updating mkinitfs and reruning mkinitfs solved the problem 2017-03-27 22:12:22 you might have a different issue though 2017-03-27 22:13:05 maybe. as I am using the initramfs from the new version as well (new version: kernel, modloop, initramfs ..). But it could be a lot of things. Thanks for all the input. 2017-03-28 07:44:04 can someone help me deciding what type of alpine to get? 2017-03-28 07:44:37 depends on where you'll use it 2017-03-28 07:44:41 why is there 'Runs from RAM' along Extended version. I thought all do 2017-03-28 07:44:53 if you're using for production, I suggest 4.3 2017-03-28 07:45:37 and does the raspberry pi one support even audio there? I think previous version wasn't working (jack on pi wasn't working, no audio) 2017-03-28 07:46:07 why alpine on raspberry pi? 2017-03-28 07:46:22 just to try, why not? 
2017-03-28 07:46:39 it lacks 'some' media drivers due to their complexity of building them 2017-03-28 07:47:15 but that is just as a bonus, mainly I am concerned of what type to get for regular device. the mentioned raspberry pi missing audio is aside 2017-03-28 07:47:38 just use the edge one :) 2017-03-28 07:47:42 it has latest packages 2017-03-28 07:47:47 what can I expect from vanilla release? 2017-03-28 07:48:07 I didn't have any issues with it 2017-03-28 07:48:07 Vanilla release is not protected with Grsec 2017-03-28 07:48:19 but otherwise it has the same modules etc.? 2017-03-28 07:48:25 why do you need protection with Grsec? 2017-03-28 07:48:31 I don't 2017-03-28 07:48:33 you're just going to use it on a raspberry 2017-03-28 07:48:55 yeah so edge would be a good try 2017-03-28 07:48:59 (the raspbbery pi mention was just a bonus, I mean using Alpine on regular device) 2017-03-28 07:49:14 yeah, a bonus candy shipped via Amazon Air 2017-03-28 07:49:19 lol :p 2017-03-28 07:49:33 you never know until you try 2017-03-28 07:49:36 :) 2017-03-28 07:50:06 vanilla has "suitable for debugging" there. why. 2017-03-28 07:50:31 that it allows reading something more from the functionality of kernel due to lack of grsec? 2017-03-28 07:52:56 also I would like to try to compile the kernel (at first just recreate the one included in Vanilla for example). Is that possible? 2017-03-28 07:59:02 naturally. get aports, have a look, modify if you want, build. done. 2017-03-28 09:06:00 ^7heo: 2017-03-28 09:06:01 [dev] [slock] 1.4 no longer working on freebsd with ldap/kerberos 2017-03-28 09:09:51 ^7heo: it's a mail from today 2017-03-28 09:10:14 ah no, 21st 2017-03-28 11:03:26 <^7heo> hiro: meh 2017-03-28 11:03:33 <^7heo> it's not unix anyway 2017-03-28 11:03:35 <^7heo> it does too much 2017-03-28 11:26:15 Greetings! 2017-03-28 11:30:02 <^7heo> ginjachris: greetings. 2017-03-28 12:08:17 Anyone using php7 and php7-redis on 3.5? 
I get a warning that php can't find the redis.so 2017-03-28 12:08:48 It exists, but not in the place php is looking for it. It's in /usr/lib/php7/modules now, apparently 2017-03-28 12:11:10 (while php is looking in /usr/lib/php7) 2017-03-28 12:12:05 ^7heo: bsd? 2017-03-28 12:15:59 <^7heo> hiro: was bsd? 2017-03-28 12:16:15 <^7heo> Kruge: symlink it ;) 2017-03-28 12:16:37 <^7heo> Kruge: and report the issue to the maintainer of both packages, so the discuss about what is to be done there. 2017-03-28 12:17:22 ncopa: i noticed that with some (probably buggy) terminals, the apk progress bar ends up with a new line with each bar update. that's because the bar reaches the very last column of the terminals and on some terminals if that happens on the bottom-most line then it does a newline. some other progress bars avoid it by printing upto width-1, e.g. debian's apt, and others. i built apk-tools and changed it to do the same, and it fixes the issue. my patch to 2017-03-28 12:17:22 print.c was either to change "bar_width = apk_get_screen_width() - 7;" to -8, or change apk_get_screen_width() to return whatever it returns -1. both approaches fix the issue. would you consider making this change? 2017-03-28 12:17:30 symlinked, can't find symbols 2017-03-28 12:26:24 Filed at https://bugs.alpinelinux.org/issues/7064 2017-03-28 12:34:02 I suspect this is linked: https://bugs.alpinelinux.org/issues/7048 2017-03-28 12:34:38 (changing -7 to -8 will probably be better, because it doesn't add any more vagueness ;) ) 2017-03-28 12:35:05 There's no php-redis package in community, and the fix to stay with using php7.0 is to use community 2017-03-28 12:41:02 guys, anyone tried to fake missing sysmbols for musl? I can't run UrbanTerror just because of one symbol missing. 
http://www.urbanterror.info/forums/topic/34927-missing-symbol-on-musl-libc/ 2017-03-28 12:42:48 you can LD_PRELOAD a .so containing the symbol 2017-03-28 12:43:16 Shiz: it is a glibc symbol 2017-03-28 12:43:22 yes 2017-03-28 12:45:19 I thought If I can patch the musl to contain that symbol as an alias of corresponding one 2017-03-28 12:46:39 how would one startx in specific resolution? (like 1280x720) 2017-03-28 12:47:04 there is no corresponding symbol in musl 2017-03-28 12:47:48 asldfkjasdlkfja: Xorg.conf 2017-03-28 12:49:06 asldfkjasdlkfja: add this to .xinitrc -> xrandr --otput HDMI1 --mode "1280x720" 2017-03-28 12:49:19 * --output 2017-03-28 12:50:26 terra: what if I want it on internal display (laptop monitor) 2017-03-28 12:50:43 HDMI1 --> LVDS1 2017-03-28 12:51:19 check "xrandr" command output if "1280x720" available 2017-03-28 12:52:12 If no such mode listed, you have to assign it. 2017-03-28 12:57:45 where in xinitrc should the command be? start? 2017-03-28 12:58:00 avih: ask fabled 2017-03-28 12:58:17 asldfkjasdlkfja: do you launch x11 from console? 2017-03-28 12:58:25 fabled: ^ re apk progress bar. ncopa thx. 2017-03-28 12:58:42 avih, if you have patch, please submit that for review 2017-03-28 12:58:47 yes, I type startx 2017-03-28 13:00:10 ok then.. just add xrandr line just before last line only last line begins with "exec" 2017-03-28 13:00:24 thanks so much terra 2017-03-28 13:00:36 you're welcome 2017-03-28 13:00:56 ^7heo: the it's not unix part 2017-03-28 13:01:07 I was worrying a lot about it. Information is everything they said. 2017-03-28 13:01:14 ^7heo: what does it's refer to? 2017-03-28 13:13:19 xrandr 2017-03-28 13:19:07 fabled: https://github.com/alpinelinux/apk-tools/pull/4 2017-03-28 13:55:11 <^7heo> hiro: ping 2017-03-28 13:55:19 <^7heo> hiro: are you using dwm-menu? 2017-03-28 14:00:53 avih, thanks, looks good. i need to run now, but will probably merge it early tm. 2017-03-28 14:01:05 fabled: thx.
2017-03-28 14:09:29 <^7heo> hiro: I mean dmenu. 2017-03-28 14:40:22 ^7heo: no, i dont use dwm's dmenu 2017-03-28 14:41:22 <^7heo> ok, good for you. 2017-03-28 14:41:37 cause they kept on pikeshedding it 2017-03-28 14:42:03 wmii kept on breaking cause they changed dmenu in the meantimes 2017-03-28 14:42:31 so they just copied it over i think. most people probably wouldn't notice the difference 2017-03-28 14:43:05 actually, now that ithink of it i might be using a patched dmenu somewhere 2017-03-28 14:43:22 cause the default became so stupid i definitely fixed it at some point 2017-03-28 14:43:30 but i don't remember :) 2017-03-28 14:44:13 anyway, probably its wimenu and customized dmenu 2017-03-28 14:44:44 I've got a bit of a scenario that I'm looking a solution to, once again 2017-03-28 14:45:53 now, if I understand correctly, using repo tags in APKBUILD build time dependencies is not supported 2017-03-28 14:46:18 (to be honest, that would be a bad idea anyway) 2017-03-28 14:47:17 hi all 2017-03-28 14:47:29 is it possible toinstall alpine using zfs partitions? 2017-03-28 14:47:45 in short: yes 2017-03-28 14:48:08 TBB: using the default installation iso or ...? 2017-03-28 14:50:15 that I don't know; I don't do ZFS 2017-03-28 14:52:51 now, I wonder what the correct procedure would be to handle such build time dependencies. the way I do builds is in a one-use chroot that I restore from a snapshot and generate a build script inside the chroot that I then run; I can always do "apk update; apk add package@tag" in the chroot before running the build script but somehow I dislike that idea even though it works 2017-03-28 14:53:41 madspo: At current, you have to do the zfs setup manually. You'll need the spl and zfs modules loaded, then setup a chroot from a running system and install there using zfs's temp root feature. 
2017-03-28 14:54:03 one solution would be to drop the tags for in-house repositories that host such packages, but at that point I'd run into a problem with customized versions of packages that also exist in Alpine's official repos 2017-03-28 14:55:30 is there any tutorial that i can use for testing purposes? 2017-03-28 14:55:30 madspo: You have to have a zfs enabled kernel+initramfs. Take a look at initramfs + zfs on Arch Linux wiki 2017-03-28 14:56:52 madspo: I'm not using ZFS but it is doable if you use a zfs enabled kernel from Arch. 2017-03-28 14:57:18 madspo: My kernel supports ZFS but I don't use 2017-03-28 14:58:04 madspo: If you want to test work in progress code, you can try using the zfs feature in a profile under this: https://github.com/TemptorSent/aports/tree/mkimage-refactor-scripts/scripts/mkimage 2017-03-28 14:58:11 i wanted to see the performance alpine+zfs and docker 2017-03-28 14:58:26 madspo: I have it working on my test system at least. 2017-03-28 14:58:44 As a host or as a guest? 2017-03-28 14:58:54 docker host 2017-03-28 14:58:58 As a host it should work quite well. 2017-03-28 15:00:26 madspo: There is not yet any installer support in mkimage, but what you can do is pass rdinit=/bin/sh at the boot prompt and install it directly. 2017-03-28 15:00:56 madspo: the initramfs image includes the zfs tools. 2017-03-28 15:22:38 alpine on zfs would be a killer for all sorts of homemade NASes and stuff like that 2017-03-28 15:22:56 I'm really looking forward to it having support in the installer 2017-03-28 15:24:05 i've switched on lvm-cache for now, zfs will be on the new server, didn't have space to migrate to zfs remotely :/ 2017-03-28 15:25:41 lvm-cache? 
2017-03-28 15:26:18 lvm has some ssd caching since a few years 2017-03-28 15:26:45 thin pools too, but for those the tools are well-hidden in alpine 2017-03-28 15:26:57 i'm gonna use it for a month or two till it's zfs time 2017-03-28 15:27:09 oh, cool 2017-03-28 15:27:21 could it be compared to bcache? 2017-03-28 15:31:11 yes, difference is that it really tracks hot blocks so the effect is building up more slowly 2017-03-28 15:31:22 but it doesn't burn through the ssd as much 2017-03-28 15:31:38 and uh 2017-03-28 15:31:52 you can turn it on without recreating your storage 2017-03-28 15:31:56 that's the nice one 2017-03-28 15:32:01 and it's a per LV decision 2017-03-28 15:32:04 nice 2017-03-28 15:32:10 so i got now like 20 cached ones and 10 uncached 2017-03-28 15:33:05 bcache is more ZOOOOOOOOOM performance-wise 2017-03-28 15:34:28 you almost make me regret not using it 2017-03-28 15:53:26 darkfader: is there some handy guide on using it or did you just follow the manpages? 2017-03-28 15:54:02 https://gist.github.com/FlorianHeigl/caf2ea6b66d05cd264509493db3b7869 2017-03-28 15:54:08 there's manuals too 2017-03-28 15:54:54 i read a few howtos, over a few years, before i did switch 2017-03-28 15:55:42 you need to check how big the "cachemetadata" volume needs to be, there are some traps ;-) 2017-03-28 16:02:51 cool, thanks 2017-03-28 16:16:45 bcache is writeback, rhel lvmcache guide says the metadata volumes needs to be 1000x smaller than the cache volume, it would be nice to compare lvmcache with zfs l2arc and the stuff you usually find in ssd boosted hdds 2017-03-28 16:17:59 would be nice 2017-03-28 16:18:08 but most comparisons are like on a laptop level 2017-03-28 16:18:12 (as in sshd) 2017-03-28 16:18:49 a benchmark on a vm host with 50 vms would be helpful, plus tracking filling IO and such 2017-03-28 16:18:59 but that's just too intense 2017-03-28 16:19:11 i think lvm-cache is a bad iops booster on random stuff 2017-03-28 16:19:13 really bad 2017-03-28 
16:19:26 but for tuning something that's running all year, it's likely the best 2017-03-28 16:33:22 darkfader: all cache systems would be bad on purely random stuff, pretty much by definition 2017-03-28 16:33:53 the trick is to find out if what you actually use often would fit in the cache or not 2017-03-28 16:34:27 which is pretty hard at the block level, but it can provide some boosts for 'general' use 2017-03-28 16:34:45 koollman: most define "least recently used" or such, and have no real idea of "hot" 2017-03-28 16:34:50 yeah 2017-03-28 16:34:59 bcache is really good for the general case 2017-03-28 16:37:42 2015 i carried a big fat supermicro to CCC, 4 nodes and each with a 950pro as bcache device in front of the disks, then lizardfs on top and on each running an ftp 2017-03-28 16:37:53 so it was a really nice ftp cluster with ssd cached backend 2017-03-28 16:38:20 because i really wanted to see an actual, non-benchmark use 2017-03-28 16:38:30 darkfader: nice idea :) 2017-03-28 16:39:07 snapped my back though so economically it would have been cheaper to buy a server there :/ 2017-03-28 16:39:24 but still, was a good and more trustable benchmark 2017-03-28 16:40:05 darkfader: ideally I would like ARC algorithm (like zfs) in a bcache-like system. But of course, one might also just use zfs at this point :) 2017-03-28 16:40:05 darkfader: what was the result? 2017-03-28 16:40:22 seems a bit smarter than mere lru 2017-03-28 16:40:33 darkfader: people uploaded all their porn and dvdrips or what? 2017-03-28 16:40:49 hiro: bcache hitrate never gets good, but it's enough to even out IO latencty 2017-03-28 16:40:59 i.e. 
because it flattens random IO 2017-03-28 16:41:26 hehe, conference recordings were a large part of what was fetched 2017-03-28 16:41:47 so even a perfectly legal ftp (would have been) can be fine 2017-03-28 16:42:16 so on that end, the result was i ran diskscrub 2017-03-28 16:42:25 also bcache supports writeback, so that's a pretty good start on the write side 2017-03-28 16:42:46 koollman: yeah, that's where i got the positive effect 2017-03-28 16:42:48 even assuming worst case for all reads, sometimes you want a low-latency write 2017-03-28 16:42:59 really hot reads will be in ram anyway :) 2017-03-28 16:45:31 yep 2017-03-28 16:46:02 i remember i also at some point just turned off all "skip sequential" and such stuff to forcibly warm up the cache 2017-03-28 19:25:30 mornin mornin 2017-03-28 19:32:14 ACTION pours Chlorophytus a dram. 2017-03-28 19:50:19 oh i see 2017-03-28 19:50:29 sadly i'm on the happy stuff 2017-03-28 19:55:16 Chlorophytus: *lol* It's a very old miner's tradition around here... the miners would go bar-to-bar for a free dram of whiskey before heading of to the mines. 2017-03-28 19:55:30 o= 2017-03-28 19:56:57 It was called "Mornin's Mornin's" 2017-03-28 19:59:36 ah at my first high school a security guard would say "Mornin' Mornin'" and it just carried with me. 2017-03-28 20:23:19 hi 2017-03-28 20:23:49 kaniini: :D hi coffee'd out right now and happy i set up a ghetto gateway 2017-03-28 20:24:25 /b 18 2017-03-28 20:24:49 ? 2017-03-28 20:25:23 ah my the hm 2017-03-28 20:26:29 nvm. meh. it's a sunny day 2017-03-28 22:01:35 ncopa: https://thenewstack.io/alpine-linux-heart-docker/?utm_content=buffer51032&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer 2017-03-28 22:01:40 "It uses the Linux kernel (with an unofficial port of grsecurity patch), musl, C Library, BusyBox, LibreSSL, and OpenRC." 
2017-03-28 22:01:44 that C library links to glibc 2017-03-28 22:01:52 may be useful to contact the author for an amendment :p 2017-03-29 01:32:27 hi all, i'm using a 3.4 docker image and i can't seem to install shadow at all after updating the repo index. All i get is an unsatisfiable constraints error. 2017-03-29 01:32:43 that probably means the package doesn't exist 2017-03-29 01:33:17 samus: the shadow package got added in 3.5 2017-03-29 01:33:21 so that would explain why 2017-03-29 01:33:55 a lot that shadow does should already be doable by the builtin busybox utils though 2017-03-29 01:33:59 (adduser/addgroup and friends) 2017-03-29 01:35:09 i know but those aren't supported by the ansible module i'm using 2017-03-29 01:35:39 that explains why changing the repo URLs to 3.5 worked 2017-03-29 05:59:17 fabled: thanks. 2017-03-29 08:52:55 Hi guys! has anyone managed to get alpine linux working on Pi Zero W? apparently something is not working with the wireless... 2017-03-29 08:52:56 https://bugs.alpinelinux.org/issues/6959 2017-03-29 10:53:55 anyone familiar with sys/extlinux? I'm doing a remote install of AL and stumbling at the syslinux stage 2017-03-29 10:57:32 What’s going on? :) 2017-03-29 11:06:47 this is a hosted service (kimsufi). i've booted the hosted server from a debian rescue image, and booted a custom alpine.iso vm from the rescue image using qemu. carved out a partition sda1, mounted it in /mnt and run setup-disk -m sys -o my_apkovl /mnt 2017-03-29 11:07:28 sda1 is active, mbr.bin is on sda and extlinux -i /mnt/boot 2017-03-29 11:07:52 i've got a /mnt/boot/extlinux.conf file set up 2017-03-29 11:09:06 booting /dev/sda fails after syslinux tells me i'm missing a configuration file (/boot/extlinux.conf i presume) 2017-03-29 11:21:35 Hmmm, odd. 2017-03-29 11:24:03 ScrumpyJack: I don’t think you’ve missed a step… maybe try the update-extlinux script? 
(make sure you properly edited /etc/update-extlinux.conf and make a backup of your extlinux config just in case) 2017-03-29 11:25:05 someone v helpful in #syslinux mentioned http://www.syslinux.org/wiki/index.php?title=Filesystem#ext 2017-03-29 11:25:17 so trying again with ext3 2017-03-29 11:27:48 Oh, right! I always forget about that 2017-03-29 11:42:55 yup, worked with ext3 2017-03-29 11:45:32 Yay! 2017-03-29 12:27:12 Shiz: indeed 2017-03-29 12:33:42 does anybody use alpine on kirkwood (armv5) ? 2017-03-29 12:33:58 also, no hardware float 2017-03-29 12:35:22 guys, is there a proper way to use "ldconfig" on musl based distros? 2017-03-29 12:36:47 ScrumpyJack: ext4 doesn't work? 2017-03-29 12:36:55 ScrumpyJack: or what did you have before? 2017-03-29 12:43:09 Can I block/blacklist a package from being installed? For example, block gtk+2.0 on a headless server such that packages requesting it generate an error. 2017-03-29 12:44:06 tw: it might work with: apk add !gtk+2.0 2017-03-29 12:44:18 or might work to add it to /etc/apk/world 2017-03-29 12:44:35 hiro: ext4 on your boot partition works if you create your fs without 64bit features ( mke2fs ... -O \^64bit ) 2017-03-29 12:45:18 http://www.syslinux.org/wiki/index.php?title=Filesystem#ext 2017-03-29 12:45:51 ScrumpyJack: i thought ext3 and 4 are supposedly compatible as long as you ignore the journal... 2017-03-29 12:45:54 tw: what package are you installing that has gtk+2.0 as a dependency? 2017-03-29 12:45:58 ncopa: `apk add '!gtk+2.0'` worked like you said it would. 2017-03-29 12:46:12 ScrumpyJack: unison from testing. 2017-03-29 12:46:13 nice :) 2017-03-29 12:48:47 there should really be two packages for unison in that case, a unison and a unison-gtk2 2017-03-29 12:52:24 I agree, but it's testing, so I don't complain too much. ;) 2017-03-29 12:53:53 Someone here was using an alternative initramfs, but I don't recall what it was called, better-initramfs or something? 
Any clue how to hook that up alpine's usual upgrade cycle? 2017-03-29 12:53:59 (e.g. not have it override the initramfs) 2017-03-29 12:54:21 I can't boot my root using the default initramfs, as it doesn't support issuing 'btrfs device scan' at the right moment/time. 2017-03-29 12:54:31 I guess I should file an issue for that at some point. 2017-03-29 13:11:09 I imagine some modularization of initramfs-init could be useful 2017-03-29 13:14:27 TBB, yes, some dracut like hooks execution point might be one option. might even consider trimmed version of dracut. 2017-03-29 13:14:57 yeh. dracut works, but it's messy 2017-03-29 14:56:12 anyone here have 1920x1080 on antergos w/ nvidia video card? 2017-03-29 15:15:44 Hi, Im trying to do a sudo in a docker container. I get docker exec slave_php_1 sudo -u web sudo /usr/bin/nmap -> sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? 2017-03-29 15:16:30 you're running sudo with sudo 2017-03-29 15:16:37 get rid of the second one 2017-03-29 15:16:52 The first one is because the container runs as root 2017-03-29 15:16:58 sudo -u web switches to web user 2017-03-29 15:17:14 In my container, I have a crond running php process under web user 2017-03-29 15:17:53 nindustries: which user do you want to run /usr/bin/nmap as? 2017-03-29 15:17:54 yes, but that's not relevant - which user do you want running nmap, web or root? 
2017-03-29 15:18:07 you only need one sudo 2017-03-29 15:18:23 web 2017-03-29 15:18:28 then get rid of second sudo 2017-03-29 15:18:52 Same error with docker exec -u web slave_php_1 sudo /usr/bin/nmap :) 2017-03-29 15:19:09 And I do a RUN echo 'web ALL=(ALL) NOPASSWD: /usr/bin/nmap' >> /etc/sudoers 2017-03-29 15:19:58 web doesn't need sudo access 2017-03-29 15:20:23 if you want nmap running as root (which is what giving web sudo access and having web run "sudo nmap" would do), then just run as root to begin with 2017-03-29 15:20:35 there's no difference 2017-03-29 15:20:58 however, the error you're getting is probably related to the suer docker's using not having root 2017-03-29 15:21:02 user* 2017-03-29 15:21:50 qman__: I don't want the php process to always run as root 2017-03-29 15:21:54 only nmap has to be run with root 2017-03-29 15:22:03 so.. passwordless sudo for nmap 2017-03-29 15:22:30 suid the nmap but for web group 2017-03-29 15:22:39 sudo is useless 2017-03-29 15:23:31 only nmap has to be run with root 2017-03-29 15:23:33 nindustries: which user do you want to run /usr/bin/nmap as? 2017-03-29 15:23:36 web 2017-03-29 15:23:40 wut? 2017-03-29 15:24:30 luxio: woops, root I mean 2017-03-29 15:24:49 hiro: nmap needs root for some stuff 2017-03-29 15:24:57 nindustries: read what i said again 2017-03-29 15:25:05 oh, wait 2017-03-29 15:25:19 now you're conflating sudo with root instead of web with root 2017-03-29 15:25:38 think, type, think, enter. 2017-03-29 15:26:04 I actually didn't know about suid, thanks hiro 2017-03-29 15:26:15 Yeah, I go too fast from time to time 2017-03-29 15:26:25 exactly what i expected. most sudo users don't understand what suid is. :) 2017-03-29 15:27:10 Pretty cool 2017-03-29 15:27:29 like, basic unix trivialities, as opposed to needless shit like sudo. 
2017-03-29 15:28:36 only pitfall here (on non-container systems) is you don't want to give everyone access to the suid binary, suppose they break out of that 2017-03-29 15:29:28 hiro: it works <3 2017-03-29 15:29:42 there's no pitfall. 2017-03-29 15:30:09 hi all 2017-03-29 15:30:18 you can break out of containers and you can get local root, the kernel is full of bugs waiting for you to do that 2017-03-29 15:30:38 i'm having issues with the xen hypervisor - it simply can't start nor find the /proc/xen 2017-03-29 15:30:46 i'm not sure nmap is approaching the size of your loaded kernel modules at all... 2017-03-29 15:30:56 https://wiki.alpinelinux.org/wiki/Xen_Dom0 2017-03-29 15:31:09 i've followed everything that's in here and so far i can't even run the thing 2017-03-29 15:31:20 is there something missing from my side? 2017-03-29 15:31:22 but yeah, running web shit seems like you don't care about security anyway 2017-03-29 15:31:39 so i should have told you to stop using a web user and just run everything as root. 2017-03-29 15:31:45 doesn't make much of a difference at this point. 2017-03-29 15:32:11 eh? 2017-03-29 15:32:55 17:17 nindu In my container, I have a crond running php process under web user 2017-03-29 15:33:09 if you run php you can give up on security :) 2017-03-29 15:33:29 That's a bit .. blunt 2017-03-29 15:33:47 this is #alpine-linux, not the ubuntu enterprise helpline. 2017-03-29 15:33:50 THis isn't a website, it's a script that pulls tasks from a main server 2017-03-29 15:33:54 you can pay extra if you want less blunt. 2017-03-29 15:34:01 get some coffee mate 2017-03-29 15:34:06 you seem to need it 2017-03-29 15:34:13 i'm not your "mate". 2017-03-29 15:34:24 or w/e helps sourness 2017-03-29 15:34:43 nindustries: don't try to remote-diagnose my psychology. 2017-03-29 15:36:05 but basically you're saying that the script doesn't even operate on data that could be mangled with... 2017-03-29 15:36:17 so then why use a non-root user in the first place? 
2017-03-29 15:36:24 cron doesn't need sudo either. 2017-03-29 15:36:35 yup, removed all sudos 2017-03-29 15:37:05 good. like with everything: the most secure solution will be the one you can *understand* 2017-03-29 15:37:36 you had read that error message but didn't know what suid means, but before reading up on it you ask what to do, because... security. 2017-03-29 15:37:59 if you can't find out *on your own* what suid means, you will never be able to make a secure system with those tools at hand. 2017-03-29 15:38:21 who guarantees you people here don't just give you misinformation... how secure would that be? 2017-03-29 15:40:12 Indee 2017-03-29 15:40:14 Indeed 2017-03-29 15:54:04 hiro's right :D 2017-03-29 15:54:22 meh 2017-03-29 15:54:30 nvm just...idk 2017-03-29 16:35:41 o/ 2017-03-29 16:35:45 \o 2017-03-29 16:38:00 urgh. what a day again. 2017-03-29 16:38:19 TBB: today's been pretty relaxed for me 2017-03-29 16:38:31 mostly upstream bugs in scanning for me 2017-03-29 16:39:04 seems I'll be sending bug reports to both HP and SANE project... 2017-03-29 17:25:03 I'm not sure why, but i3 doesn't seem to be 1920x1080. I definitely installed the nouveau package. 2017-03-29 17:26:47 luxio: Doesn't seem to? What does xrandr say? 2017-03-29 17:27:29 Berra: http://termbin.com/djox 2017-03-29 17:28:47 luxio: Well it seems right then! Very weird however - but I doubt this has anything to do with i3 (I might be super wrong). 2017-03-29 17:29:29 luxio: Have you run any other WM under the same system and gotten 1080? 2017-03-29 17:30:15 Berra: Nope. On a previous install I remember it was the same res (1280x1024), it seems. I didn't spend much time on that install though, I was just distro hopping. 2017-03-29 17:30:52 luxio: Ok - must be a graphics driver thing. nouveau you say. 2017-03-29 17:31:13 Yeah. If there's any nvidia alternative I'm willing to try that. 
2017-03-29 17:31:53 luxio: You can try installing the nvidia proprietary blobs 2017-03-29 17:32:05 luxio: http://www.nvidia.com/object/unix.html 2017-03-29 17:32:37 on musl? 2017-03-29 17:32:38 luxio: Might be impossible because of musl - I'm not sure about that 2017-03-29 17:32:44 Exactly 2017-03-29 17:35:23 http://termbin.com/q4uz 2017-03-29 17:35:27 ^ my dmesg, if it might help 2017-03-29 17:37:38 VGA cable comes from GTX 750ti to my monitor. 2017-03-29 17:38:06 Would changing to HDMI make any difference? 2017-03-29 17:38:18 luxio: I think there is a freenode nouveau channel where you'd be able to get good support on the current state of your card 2017-03-29 17:38:36 luxio: Yes that might make a ton of difference (just a hunch) 2017-03-29 17:38:51 alright. brb, I'll try that 2017-03-29 17:46:23 Now it's 1024x768 2017-03-29 17:46:26 lol 2017-03-29 17:52:34 Alright someone in #nouveau said that the problem was that nomodeset was being passed to the kernel 2017-03-29 17:52:36 How do I not do that? 2017-03-29 17:58:13 Hey-o! It's working now. 2017-03-29 17:58:31 By the way, is obmenu/obconf available on alpine? 2017-03-29 18:01:06 guys, I encounter linking problem which causes segfault and X11 crash via opengl applications including chromium-browser. Intel xorg driver can't see the symbols from /usr/lib/libglapi.so.0 : https://paste.ee/p/zV08v 2017-03-29 18:01:41 anyone know why boot hangs for a long time on chrond in 3.5 2017-03-29 18:02:05 atomi: yeah I'm getting that too 2017-03-29 18:02:12 LD_PRELOAD=/usr/lib/libglapi.so.0 works but I don't know what caused this problem. 2017-03-29 18:02:13 yeah this is on a vm it might be a ntpd time thing or 2017-03-29 18:02:34 idk 2017-03-29 18:02:47 atomi: there was a chrony update on edge today 2017-03-29 18:02:50 atomi: is it chrond or chrony? 
2017-03-29 18:03:31 https://s3.atomi.space/public/Screenshot%20from%202017-03-29%2011-03-04.png 2017-03-29 18:03:39 stuck like that for about 5 minutes 2017-03-29 18:03:53 but it eventually does boot 2017-03-29 18:03:54 oh I'm only getting like a 3 second hang 2017-03-29 18:03:55 The other thing to check is that the RNG isn't starved. 2017-03-29 18:04:23 Is using edge a bad idea as a "normal user"? 2017-03-29 18:05:31 luxio: No, but do expect things to break and report them. 2017-03-29 18:06:05 Also is it just a coincidence that android packages are .apk? 2017-03-29 18:06:49 luxio: android apk is a zip and entirely different 2017-03-29 18:07:15 Hmm, it looks like it's hanging AFTER crond, right? 2017-03-29 18:07:25 What's the NEXT thing to pop up? 2017-03-29 18:29:57 ummmmmmm??? http://i.imgur.com/sqCYeNB.png 2017-03-29 18:30:17 what's up with the text? 2017-03-29 18:30:59 TemptorSent, I'm testing edge now 2017-03-29 18:31:21 I may as well 2017-03-29 18:31:59 atomi: It works most of the time, but occasionally you'll find a surprise. 2017-03-29 18:32:12 like I just did in 3.5 2017-03-29 18:33:08 which one? http://dl-3.alpinelinux.org/alpine/edge/releases/x86_64/ 2017-03-29 18:35:39 looks like there are no edge releases 2017-03-29 18:36:10 atomi: No, you just enable the repo 2017-03-29 18:36:44 no I know, but there used to be edge releases 2017-03-29 18:37:32 atomi: Ahh, I'm recent to Alpine and didn't know that there were such things prior. 2017-03-29 19:08:54 luxio: missing fonts. have you tried installing alpine-desktop? 2017-03-29 19:09:59 kaniini: http://termbin.com/cqsv 2017-03-29 19:11:13 ouch 2017-03-29 19:12:10 kaniini: `apk del firefox` and `apk add alpine-desktop` worked though 2017-03-29 19:21:06 kaniini: Is it possible to get the latest version of firefox? 
This one seems to be 45 2017-03-29 19:26:14 right now, not possible sorry 2017-03-29 19:26:24 it should be possible to choose between ESR and mainline 2017-03-29 19:26:30 but it is not because of that conflict 2017-03-29 21:28:09 kaniini (and others) - Relaxed the rule for new users adding links to the wiki. 2017-03-29 21:29:50 hah 2017-03-29 21:33:22 nangel: yes, that is much better, thanks 2017-03-29 22:50:16 Is there a way to install a specific package version? Or can I assume that a package on 3.5 won't be upgraded apart from bugfixes? 2017-03-29 22:50:22 ncopa - take a look at latest revision to mkimage -- added mkinitfs.sh wrapper that depends only on the utils and contents of initfs dir. 2017-03-29 22:52:12 ncopa: AFAIK, it's a drop in replacement for the purposes of update-kernel except for the current vs new feature names not yet being mapped. 2017-03-29 23:06:04 ncopa: To be honest, I don't see any reason not to distribute the kitchen-sink modloop as a package including all modules from all packages. We can cut custom ones that include just whats needed, but the stock one is pretty much static AFAIK. 2017-03-29 23:07:16 ncopa: Once you remove building the modloop and staging the files for mkinitfs, update-kernel reduces to unmounting/mounting modloop and installing a couple of files. 2017-03-29 23:08:07 ncopa: (DTBs also don't need to be derrived each time) 2017-03-29 23:09:28 ncopa: So the only thing we really need to deal with that's not static more or less is user configurations. 2017-03-29 23:09:57 ncopa: I added a couple quick READMEs. 2017-03-30 07:38:14 anyone successfully running nmap on 3.5? 2017-03-30 07:50:52 ScrumpyJack: seems to work on 3.5. on armv7 2017-03-30 07:51:32 <_ikke_> any idea how /root can be 1.6G large, but ls -al reveals nothing (and lsof does not reveal any deleted files) 2017-03-30 07:52:52 nothing mounted on top of a non-empty dir there, I assume? 
2017-03-30 07:53:42 i'm getting st.ilet.to/nmap 2017-03-30 07:54:00 if you had lots of stuff in /root/foo and then mount a device on top of foo, the /root filesystem would still show lots of data being in use, but not visible since something else is on top of it 2017-03-30 07:54:15 not very likely, but one possible explanation 2017-03-30 07:54:16 first of all nmap-nselibs is missing as a dependancy 2017-03-30 07:54:30 (or, not likely in /root, but for / it could be) 2017-03-30 07:55:08 <_ikke_> IcePic: du -sch /* shows /root being that large, and nothing mounted other than / (nothing in /root) 2017-03-30 07:57:00 <_ikke_> it is a run-from-ram system 2017-03-30 07:57:12 ah, it's just the -A option (Enable OS detection, version detection, script scanning, and traceroute) 2017-03-30 07:57:38 ScrumpyJack: yeah, -A fails 2017-03-30 12:54:13 do the raspi images work on the rpi1 (first iteration)? 2017-03-30 13:06:04 parazyd, yeah, they should 2017-03-30 13:06:10 at least I'm running it on rpi b+ 2017-03-30 13:06:13 ah great 2017-03-30 13:06:29 yeah i found an old model b so i figured out i could run alpine on it 2017-03-30 13:07:02 it should work just fine 2017-03-30 13:07:22 do you run a traditional install or something else? 2017-03-30 13:07:29 (disk-based) 2017-03-30 13:09:58 sd cards should probably work out fine between all rpi1,2,zero models just by moving the card I guess 2017-03-30 13:10:13 and rpi3, running in 32bit mode 2017-03-30 13:11:47 I'm modifying some packages for myself by increasing the release number by r1.1 r1.2 without touching major release number. But "apk update ; apk upgrade" just avoiding these packages even though they listed in "apk search". 
2017-03-30 13:14:13 parazyd, I'm running it in the "diskless" mode 2017-03-30 13:14:24 I have the apkovl stored on the sdcard and it reapplies on each reboot 2017-03-30 13:17:34 ack 2017-03-30 13:17:41 i'll give it a shot :) 2017-03-30 13:23:55 parazyd, let us know how it went :) 2017-03-30 13:24:16 i'll try a disk install though 2017-03-30 13:25:06 ah ffs 2017-03-30 13:25:11 the hdmi is broken 2017-03-30 13:27:46 I don't recall having trouble with it 2017-03-30 13:27:50 but it was some time ago 2017-03-30 13:27:59 no, the hardware 2017-03-30 13:28:03 i'll try serial 2017-03-30 13:28:16 oh 2017-03-30 13:38:45 kernel panic 2017-03-30 13:41:21 http://sprunge.us/DUUh 2017-03-30 13:41:32 <^7heo> kernel panic without systemd? 2017-03-30 13:41:34 <^7heo> niiice. 2017-03-30 13:41:38 <^7heo> ACTION hides 2017-03-30 13:42:38 unpossible. ;) 2017-03-30 13:45:23 anything i can do with this? 2017-03-30 14:09:05 ncopa: I have some missing symbols problem with mesa-dri-intel. I'm on edge and chromium-browser crashes along with x11 session due to the missing symbols from /usr/lib/xorg/modules/dri/i965_dri.so 2017-03-30 14:09:24 ncopa: https://paste.ee/p/D1EgH 2017-03-30 14:10:11 ncopa: these symbols are from /usr/lib/libglapi.so.0 and LD_PRELOAD method works as workaround. 2017-03-30 14:11:28 sounds like underlinking issue 2017-03-30 14:11:32 ncopa: I hadn't such a problem earlier and doesn't know what caused this. 2017-03-30 14:12:08 what packages provides /usr/lib/xorg/modules/dri/i965_dri.so and /usr/lib/libglapi.so.0? 2017-03-30 14:12:38 all are mesa derived packages 2017-03-30 14:13:10 seems like i965_dri.so doesn't aware libglapi.so 2017-03-30 14:13:12 sounds like linkerflag -glapi is missing 2017-03-30 14:13:55 ncopa: maybe.. will you switch mesa-13 ? 2017-03-30 14:14:18 or 17 :) 2017-03-30 14:19:02 humm. mesa is working fine for me 2017-03-30 14:19:02 what is mesa 17? 2017-03-30 14:19:13 seems to work for me too 2017-03-30 14:20:20 Mesa 13.0.6 and Mesa 17.0.2 are released. 
These are bug-fix releases from the 13.0 and 17.0 branches, respectively. 2017-03-30 14:20:20 NOTE: It is anticipated that 13.0.6 will be the final release in the 13.0 series. Users of 13.0 are encouraged to migrate to the 17.0 series in order to obtain future fixes. 2017-03-30 14:20:22 ldd /usr/lib/xorg/modules/dri/i965_dri.so ?? 2017-03-30 14:21:02 is linked to the libglapi.so.0 ? 2017-03-30 14:22:16 ncopa: We're on 12.0 btw. 2017-03-30 14:22:38 yeah 2017-03-30 14:22:41 we should upgrade to 17 2017-03-30 14:23:34 ncopa: can you check "ldd /usr/lib/xorg/modules/dri/i965_dri.so" on your machine please? 2017-03-30 14:23:41 same error 2017-03-30 14:23:57 but i think that is how xorg works in general 2017-03-30 14:23:58 ok I just relaxed :) 2017-03-30 14:24:02 with lazy loading 2017-03-30 14:25:44 but I can't use chromium-browser because of this. If I launch chromium via LD_PRELOAD it is fine. Am I the only one dealing with such a problem? 2017-03-30 14:26:16 terra: alpine 3.5 or edge? 2017-03-30 14:26:23 I checked "ldd /usr/lib/xorg/modules/dri/i965_dri.so" on Arch but it correctly linked to the libglapi.so 2017-03-30 14:26:31 ncopa: edge 2017-03-30 14:26:45 it links to libglapi? 2017-03-30 14:26:49 ok sounds like bug then 2017-03-30 14:26:53 ncopa: yes 2017-03-30 14:27:32 https://git.archlinux.org/svntogit/packages.git/tree/trunk/0001-glapi-Link-with-glapi-when-built-shared.patch?h=packages/mesa 2017-03-30 14:28:33 ncopa: thanks 2017-03-30 14:29:45 I'm going to prepare a custom build 2017-03-30 14:35:18 i just pushed updated mesa 2017-03-30 14:35:33 and 4.9.19 vanilla kernel 2017-03-30 14:35:43 should be available in 20mins or so 2017-03-30 14:36:48 ncopa: patched mesa-12 or mesa-17 ? 2017-03-30 14:39:31 mesa 12 2017-03-30 14:41:08 yeah, as I guessed. Switching to the mesa-17 won't be that fast :]. Thank you btw. 2017-03-30 14:44:44 ncopa: any idea on continued -grsec lifecycle for 4.9 yet? 
2017-03-30 14:45:21 not sure 2017-03-30 14:45:38 seems like they want to provide testing patches once in a while for grsecurity 2017-03-30 15:39:18 what are the differences in alpine-virt? 2017-03-30 15:39:26 it's a very tiny iso 2017-03-30 15:39:38 and everything I need seems to be working 2017-03-30 15:39:48 is it just that it's slimmed down? 2017-03-30 15:40:08 by the way the alpine contributors are killing it 2017-03-30 15:40:30 so much work done since the 3.3 days 2017-03-30 15:42:26 best I can get is alpine-virt is just slimmed down with stuff not needed for vms removed 2017-03-30 15:45:56 atomi: kernel in alpine-virt has excluded a lot of the hardware drivers 2017-03-30 15:46:11 has only stuff that you find on virtual machines 2017-03-30 15:46:18 ncopa, yeah I thought as much. is the config available? 2017-03-30 15:46:53 I checked the repo and didn't see it 2017-03-30 15:46:59 <_ikke_> http://git.alpinelinux.org/cgit/alpine-iso/tree/alpine-virt.conf.mk 2017-03-30 15:47:04 http://git.alpinelinux.org/cgit/aports/tree/main/linux-grsec/config-virtgrsec.x86_64 2017-03-30 15:47:14 ah there it is ty sirs 2017-03-30 15:48:35 <_ikke_> http://git.alpinelinux.org/cgit/aports/tree/main/linux-grsec/config-grsec.x86 2017-03-30 15:48:42 yeah man I have to say top notch work <3 2017-03-30 15:49:28 <_ikke_> http://git.alpinelinux.org/cgit/aports/tree/main/linux-grsec/config-grsec.x86 2017-03-30 15:49:38 <_ikke_> ah, ncopa already pasted id 2017-03-30 16:25:29 hey! Could someone tell me more about the different versions of alpine ? How does mini compare to standard? and virtual to standard ? 2017-03-30 16:25:41 lol 2017-03-30 16:26:04 atomi, what´s funny ? 2017-03-30 16:26:20 I just asked about alpine-virt like 10 minutes ago 2017-03-30 16:27:39 I´m sorry, didn´t read back ^^ 2017-03-30 16:28:08 and mini vs standard ? 
2017-03-30 16:28:08 yeah I think the downloads section does a good job explaining most of it https://www.alpinelinux.org/downloads/ 2017-03-30 16:28:16 mini is for docker 2017-03-30 16:28:31 or chroot like it says in the downloads sectino 2017-03-30 16:28:36 *section 2017-03-30 16:28:51 ah ok, so mini won't run without docker host ? 2017-03-30 16:29:19 it should run as chroot, but I haven't done it 2017-03-30 16:30:04 so you need a kernel iow 2017-03-30 17:31:49 Is there a way to get the virtual kernel without grsec ? 2017-03-30 17:32:45 Is there any way to get connected serial ports to belong to the dialout group rather than root? 2017-03-30 17:32:57 serial ports belonging to arduinos and the like. 2017-03-30 17:40:37 Peasant65_: doesn't look like that variant currently exists 2017-03-30 17:40:52 the vanilla kernel *should* include everything needed for virt too, I think? 2017-03-30 17:41:10 yea, but it's a bit big for my taste 2017-03-30 17:41:25 I have a 30gb ssd which is already running windows ;) 2017-03-30 17:41:35 ACTION compiles his own kernels in the first place, so can't be of much help there sadly 2017-03-30 18:04:04 so there's no virtual kernel without grsec lying around somewhere ? 2017-03-30 18:05:06 not that i know of 2017-03-30 18:59:26 the rpi image is stuck on requiring password change 2017-03-30 18:59:55 just keeps asking me to change the password on ssh login 2017-03-30 19:00:03 :/ 2017-03-30 19:02:40 hmmm lbu commit didn't write changes 2017-03-30 20:14:29 atomi, did you update time? 2017-03-30 20:33:10 anybody any experience setting up alpine with ostree ? 2017-03-30 21:52:23 anyone using (sys) disk-based install for the raspberry pi? 2017-03-31 00:41:38 hi can anyone tell me what the alpine-linux equivalent to envvars file is ? 2017-03-31 00:43:08 for apache?
2017-03-31 00:45:32 /etc/conf.d/apache2 is the most likely equivalent 2017-03-31 00:45:37 or /etc/conf.d/apache 2017-03-31 00:45:49 i don't have apache installed myself, but /etc/conf.d contains config files for service configuration 2017-03-31 00:45:52 typically 2017-03-31 01:39:45 quick question - i can't seem to install firefox-esr out of the testing repository 2017-03-31 01:40:10 are there any extra steps that i need to take to enable me to install it 2017-03-31 01:43:01 problem solved, sorry 2017-03-31 01:50:34 what was the issue? 2017-03-31 01:52:15 i had to enable the 'edge' testing repository 2017-03-31 02:00:29 thanks Shiz 2017-03-31 10:12:23 oh nice, now I've finally managed to corrupt the package database! 2017-03-31 10:13:34 FDB format error followed by Unable to read database state: Operation not permitted 2017-03-31 10:36:48 okay, this is fun. there's one extra " in the APKBUILD in the style of mkdir -p ""dir" and this results in those mkdir -p's going to the package database 2017-03-31 11:26:35 hi 2017-03-31 14:00:34 Q regarding [alpine-devel] Alpine edge has switched to libressl 2017-03-31 14:00:52 How do you intend to deal with the patches you need to build all packages? 2017-03-31 14:54:54 they are in aports 2017-03-31 14:55:49 Yes, but how do you deal with them in the project 2017-03-31 14:55:57 Always upstream them? 2017-03-31 14:56:10 And where do you get your patches from? Generate your own? 2017-03-31 14:57:24 all of that is up to the individual maintainer of whatever package has the patch 2017-03-31 14:58:32 We now have Void, Alpine, OpenElec, TrueOS, HardenedBSD, OpenBSD creating their own patches pretty often 2017-03-31 14:58:49 blah blah blah 2017-03-31 14:59:37 I'm basically reaching out to other projects to seek collaboration 2017-03-31 15:00:04 well if you have a proposal for that, i would love to hear it 2017-03-31 15:00:15 What ML would be appropriate? 2017-03-31 15:00:24 alpine-devel 2017-03-31 15:00:34 Cool!
Hope to get to that this weekend 2017-03-31 15:01:05 We're now burning valuable resources that could work on other things :D 2017-03-31 15:01:35 i'm not against having some repository of libressl patches that could be searched -- the question just comes down to if it is really more efficient use of our time to participate 2017-03-31 15:01:43 would need to see a more specific proposal to say either way 2017-03-31 15:02:12 That I can imagine 2017-03-31 15:03:15 I've upstreamed a great many but projects adding support for OpenSSL 1.1 tend to break with LibreSSL 2017-03-31 15:03:41 yes, i just fixed freeradius yesterday as a result 2017-03-31 15:03:42 Thanks to #if OPENSSL_VERSION_NUMBER >= 0x1010000000L 2017-03-31 15:04:19 however, i am of the opinion that if libressl would like to claim OPENSSL_VERSION_NUMBER 0x20000000, it should support the openssl API changes. 2017-03-31 15:05:09 I believe they do not agree... OpenBSD devs are pretty stubborn 2017-03-31 15:05:12 and i may ultimately revert that stupidity in libressl 2017-03-31 15:05:53 That is easier indeed, just patch LibreSSL to set 0x100010000f 2017-03-31 15:05:57 yes -- i am just stating it is possibly more efficient to just fix the stupidity in libressl 2017-03-31 15:06:24 I missed the Libre Hackathon in Toulouse so I don't know the latest 2017-03-31 15:06:27 since there is also LIBRESSL_VERSION_NUMBER 2017-03-31 15:06:41 They had no inclination to support anything that OpenSSL does 2017-03-31 15:07:06 After much bitching by me and others for something easily detectable 2017-03-31 15:07:16 it's too early to measure impact. but like i said, that might be what we do 2017-03-31 15:07:22 (in alpine) 2017-03-31 15:07:34 like if we find ourselves having to fix tons of packages 2017-03-31 15:07:47 we will probably just drop OPENSSL_VERSION_NUMBER back down to something more sane 2017-03-31 15:07:50 You're then going to get hit with no support for TLSv1.3 when they add it 2017-03-31 15:08:14 see?
it's impossible to win with openssl 2017-03-31 15:08:43 We can only hope projects start adding compat shims making our lives easier 2017-03-31 15:09:10 I'm off now, it's beer-time-o-clock here :D 2017-03-31 15:09:27 Thanks for the indo! 2017-03-31 15:09:29 info! 2017-03-31 15:12:52 Barnerd: there is a third outcome 2017-03-31 15:13:14 Barnerd: wherein i get very angry at the stupidity of both parties and just make an openssl shim on top of something else 2017-03-31 15:13:23 Barnerd: as i did when pkg-config pissed me off 2017-03-31 15:13:49 That's how FreeBSD grew their own pkgconf I guess? 2017-03-31 15:13:52 although i believe apple tried to do that and failed with CommonCrypto 2017-03-31 15:14:06 FreeBSD's pkgconf comes from alpine 2017-03-31 15:14:07 With OpenSSL there's no way to win 2017-03-31 15:14:16 Then I must thank you! 2017-03-31 15:14:51 yes, well with pkgconf we have discovered that upstreams depend on buggy pkg-config behaviour 2017-03-31 15:14:51 The API is so stoopid you cannot recreate it without killing yourself first 2017-03-31 15:14:54 it is very annoying 2017-03-31 15:15:09 i am sure the libressl guys have discovered similar with openssl 2017-03-31 15:15:32 Hence the new libtls api with less stupidity 2017-03-31 15:17:33 personally i just use mbedtls when i need tls these days 2017-03-31 15:18:05 my doctor said working with the openssl api was bad for my health (not even kidding, stupidity makes me angry) 2017-03-31 15:19:04 (why then work with Linux and GNU things) 2017-03-31 15:19:39 I've found BSD's are much more amenable in that respect. Structure... 2017-03-31 15:19:44 No Poetteringware 2017-03-31 15:21:02 well, alpine do produce things that freebsd use 2017-03-31 15:21:04 (pkgconf) 2017-03-31 15:21:07 :) 2017-03-31 16:30:10 question: how do i install python dependencies on alpine linux? on ubuntu I would use `apt build-dep python3` 2017-03-31 16:36:27 like to build your own python?
2017-03-31 16:36:37 use aports for that 2017-03-31 16:36:57 You might look at Alpine Docker image for Python for reference: https://github.com/docker-library/python/blob/9f67896dbaf1b86f2446b0ab981aa20f4d336132/3.5/alpine/Dockerfile#L43 2017-03-31 16:38:30 In case you are using Docker anyways, I also published a post recently on using that same method to install build deps for python requirements only while they're needed, and then remove them: https://www.caktusgroup.com/blog/2017/03/14/production-ready-dockerfile-your-python-django-app/ 2017-03-31 16:39:50 Unrelated question: has anyone else run into strftime issues w/Alpine Linux (e.g., https://github.com/iron-io/dockers/issues/42)? I struggle to see how it's usable as-is... 2017-03-31 16:40:57 all of that is musl 2017-03-31 16:54:32 I am having trouble with localhost:~# apk add python3>3.6.1 opencv>3.2.0 2017-03-31 16:54:43 Error relocating /usr/lib/libpng16.so.16: inflateValidate: symbol not found 2017-03-31 16:57:59 I want to install Python 3.6.1 and OpenCV 3.2 (with Python 3.6.1 bindings) 2017-03-31 16:58:01 Is this possible?! 2017-03-31 17:00:03 Those two are in edge/testing and I am running 3.5 as my base system 2017-03-31 17:00:09 Do you have any recommendations? 2017-03-31 17:01:48 add edge as @edge and install those pkgs from there 2017-03-31 17:02:01 the rest will stay 3.5 2017-03-31 17:03:19 thx 2017-03-31 18:06:49 nmi watchdog BUG soft lockup - cpu#0 stuck for 23s 2017-03-31 18:06:52 ...what? 2017-03-31 18:10:32 apparently someone else had the same issue 2017-03-31 18:10:33 https://forum.alpinelinux.org/forum/installation/alpine-linux-ms-hyper-v 2017-03-31 18:10:50 hyperv is always a bit special 2017-03-31 18:10:57 im not using hyperv 2017-03-31 18:11:02 but in VMs you don't really need to monitor machine check events 2017-03-31 18:11:03 oh. 
2017-03-31 18:11:10 then your system was unhappy :/ 2017-03-31 18:11:16 nor am I using a vm 2017-03-31 18:11:32 I ran an update then restarted 2017-03-31 18:11:45 the 23s is followed by another 23s each time 2017-03-31 18:12:03 scheduler bug or i.e. a HPET issue or other things 2017-03-31 18:12:20 HP as in HP computers? 2017-03-31 18:12:32 high precision event timer 2017-03-31 18:12:39 oh 2017-03-31 18:12:44 well is there a solution? 2017-03-31 18:12:48 cpu clock, can get confused by power management 2017-03-31 18:13:02 i'd say go back to an older kernel and open an issue 2017-03-31 18:13:13 and issue where? forums? 2017-03-31 18:13:22 try to turn off power management if you want to debug a bit 2017-03-31 18:13:30 bugs.alpinelinux.org 2017-03-31 18:13:32 in the bios? 2017-03-31 18:13:48 in linux is hopefully enough 2017-03-31 18:13:53 google for max_cstate 2017-03-31 18:14:01 i don't have this stuff in memory 2017-03-31 18:14:03 ...the kernel commandline 2017-03-31 18:14:05 ? 2017-03-31 18:14:10 like when you boot 2017-03-31 18:14:16 or do I need a livecd 2017-03-31 18:14:30 command line 2017-03-31 18:14:33 google, please 2017-03-31 18:14:39 i need to work 2017-03-31 19:08:48 How do I determine the differences between two package versions? I see an r0 and r1 release between 3.5 and edge and don't know how to tell why the version has changed 2017-03-31 19:09:46 Is there a "stable" version of the kernel that I can grab? 2017-03-31 19:20:46 nvm actually 2017-03-31 19:27:03 tech2: right now the only way is to check aports git history, we are working on embedded changelogs for apk-tools 3.x series though 2017-03-31 19:31:13 hi I have run into a problem making my alpine-linux httpd.conf setup more like debian /ubuntu style. Debian/Ubuntu uses envvars file to load environmental variables. What does alpine-linux use /etc/init.d seems to have no such variables.
Thanks in advance 2017-03-31 19:31:39 s/etc/init.d // /etc/init.d/apache2 2017-03-31 19:46:15 ok well I chrooted in, I've tried to reinstall linux-vanilla but it's giving me a bunch of errors 2017-03-31 19:46:18 any suggestions? 2017-03-31 19:47:19 most of the errors are along the lines of "can't create" or "no such file" in some /tmp directory 2017-03-31 19:48:01 but then apk just says "OK" after that? 2017-03-31 19:51:12 kaniini: thanks 2017-03-31 20:11:09 nvm im good on that issue - coreutils was not installed 2017-03-31 21:47:08 hello all, alpine noob here. I'm trying to install freeswitch using ```apk add freeswitch``` and I get the following: 2017-03-31 22:49:19 hi I have run into a problem making my alpine-linux httpd.conf setup more like debian /ubuntu style. Debian/Ubuntu uses envvars file to load environmental variables. What does alpine-linux use /etc/init.d seems to have no such variables. Thanks in advance 2017-03-31 22:49:34 s/etc/init.d // /etc/init.d/apache2